
I used a script from here to set up rules that make sure the user transmission-daemon can only send traffic via the VPN I use.

At least that's what the author says. I have trouble understanding the following output. For example, what does the line tcp spt:9091 owner GID match debian-transmission mean? Why is there no traffic on that rule?

Hint: My ethernet port is enp3s0 (like eth0).

$ sudo iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  436 35225 f2b-sshd   tcp  --  any    any     anywhere             anywhere             multiport dports ssh
 1085  221K ACCEPT     all  --  tun0   any     anywhere             anywhere            
 2913  923K ACCEPT     all  --  enp3s0 any     anywhere             anywhere            
  112 12221 ACCEPT     all  --  lo     any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 4540 packets, 1267K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  any    enp3s0  anywhere             192.168.100.0/25     tcp spt:9091 owner GID match debian-transmission
    0     0 ACCEPT     udp  --  any    enp3s0  anywhere             192.168.100.0/25     udp spt:9091 owner GID match debian-transmission
 2263  202K ACCEPT     all  --  any    tun0    anywhere             anywhere             owner GID match debian-transmission
   12  2581 ACCEPT     all  --  any    lo      anywhere             anywhere             owner GID match debian-transmission
    0     0 REJECT     all  --  any    any     anywhere             anywhere             owner GID match debian-transmission reject-with icmp-port-unreachable

bomben

1 Answer


The rule:

iptables -A OUTPUT -d 192.168.100.0/25 -p tcp --sport 9091 -m owner --gid-owner debian-transmission -o enp3s0 -j ACCEPT

will ACCEPT the packet IF it is to any IP in the range 192.168.100.0 - 192.168.100.127 AND the protocol is tcp AND the source port is 9091 AND the packet owner is debian-transmission AND it is destined for the network interface enp3s0 ELSE go to the next iptables rule.

Doug Smythies
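To make the AND-of-conditions and the top-to-bottom, first-match walk of the OUTPUT chain concrete, here is a small model of that chain. This is an added example, not code from the question's script or from the answer: the first rule is the one quoted in the answer, the other four are reconstructed from the `iptables -L -v` listing in the question (the script's actual flags may differ, e.g. `--reject-with icmp-port-unreachable` is REJECT's default). The model matches on the fields the listing shows (destination network, protocol, source port, owning group, egress interface); the sample packets are constructed, and `gid` stands for the group of the local process that generated the packet, which is what `-m owner --gid-owner` inspects.

```python
"""Model of the OUTPUT chain from the listing (first-match semantics).

Constructed example, not from the original post. Each Rule carries the
conditions reconstructed from `iptables -L -v` plus the equivalent
command; only the first command is the one quoted in the answer.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

TRANSMISSION_GID = "debian-transmission"
POLICY = "ACCEPT"  # chain policy: applied when no rule matches


@dataclass
class Packet:
    dst: str            # destination IP
    proto: str          # "tcp" or "udp"
    sport: Optional[int]
    gid: str            # group of the local process that generated it
    out_if: str         # egress interface chosen by routing


@dataclass
class Rule:
    target: str
    command: str                    # equivalent iptables command (reconstructed)
    dst_net: Optional[str] = None   # -d
    proto: Optional[str] = None     # -p
    sport: Optional[int] = None     # --sport
    gid: Optional[str] = None       # -m owner --gid-owner
    out_if: Optional[str] = None    # -o

    def matches(self, p: Packet) -> bool:
        # Every condition present in the rule must hold (logical AND);
        # an absent condition ("any"/"anywhere" in the listing) always matches.
        if self.dst_net and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto and p.proto != self.proto:
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.gid and p.gid != self.gid:
            return False
        if self.out_if and p.out_if != self.out_if:
            return False
        return True


OUTPUT_CHAIN = [
    Rule("ACCEPT", "iptables -A OUTPUT -d 192.168.100.0/25 -p tcp --sport 9091 "
                   "-m owner --gid-owner debian-transmission -o enp3s0 -j ACCEPT",
         dst_net="192.168.100.0/25", proto="tcp", sport=9091,
         gid=TRANSMISSION_GID, out_if="enp3s0"),
    Rule("ACCEPT", "iptables -A OUTPUT -d 192.168.100.0/25 -p udp --sport 9091 "
                   "-m owner --gid-owner debian-transmission -o enp3s0 -j ACCEPT",
         dst_net="192.168.100.0/25", proto="udp", sport=9091,
         gid=TRANSMISSION_GID, out_if="enp3s0"),
    Rule("ACCEPT", "iptables -A OUTPUT -o tun0 -m owner --gid-owner debian-transmission -j ACCEPT",
         gid=TRANSMISSION_GID, out_if="tun0"),
    Rule("ACCEPT", "iptables -A OUTPUT -o lo -m owner --gid-owner debian-transmission -j ACCEPT",
         gid=TRANSMISSION_GID, out_if="lo"),
    Rule("REJECT", "iptables -A OUTPUT -m owner --gid-owner debian-transmission "
                   "-j REJECT --reject-with icmp-port-unreachable",
         gid=TRANSMISSION_GID),
]


def verdict(p: Packet):
    """Walk the chain top to bottom; the first matching rule decides.

    Returns (rule_number, target); rule_number is None when the chain
    policy applies. A rule's pkts counter only increments when it is the
    first to match, which is why a rule can legitimately sit at 0.
    """
    for number, rule in enumerate(OUTPUT_CHAIN, start=1):
        if rule.matches(p):
            return number, rule.target
    return None, POLICY


if __name__ == "__main__":
    samples = {  # constructed packets
        "RPC reply to LAN client in /25 via ethernet": Packet("192.168.100.5", "tcp", 9091, TRANSMISSION_GID, "enp3s0"),
        "RPC reply to LAN client outside /25":         Packet("192.168.100.200", "tcp", 9091, TRANSMISSION_GID, "enp3s0"),
        "peer traffic trying to leave via ethernet":   Packet("93.184.216.34", "tcp", 51413, TRANSMISSION_GID, "enp3s0"),
        "peer traffic via the VPN tunnel":             Packet("10.8.0.1", "udp", 51413, TRANSMISSION_GID, "tun0"),
        "packet from a different group":               Packet("93.184.216.34", "tcp", 44321, "users", "enp3s0"),
    }
    for label, pkt in samples.items():
        print(f"{label:45} -> rule {verdict(pkt)[0]}, {verdict(pkt)[1]}")
```

Run as a script it prints which rule each constructed packet hits. The first rule's counter in the listing stays at 0 until transmission-daemon itself sends a TCP segment from port 9091, out of enp3s0, to a host inside 192.168.100.0/25, all at once; anything else from that group that is not on tun0 or lo falls through to the final REJECT, which is the "VPN only" behaviour the script is meant to enforce. On the real box, `sudo iptables -L OUTPUT -v -n --line-numbers` shows the same rule numbers next to their counters.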