Hi guys!

I've set up an OpenVPN connection (TAP) between 2 Tomato routers. Both have the subnet 192.168.1.0/24. I know it's not recommended, but I can't change them now. Anyway, the connection is working.

On one side (OpenVPN-Client) I have PC1 with IP 192.168.1.56, on the other side (OpenVPN-Server) I have PC2 with IP 192.168.1.3. I just want to allow the connection between those 2 PCs; they shouldn't have access to the other LAN clients.

On the Tomato with OpenVPN-Server I set Firewall to custom. Ping between PC1 and PC2 doesn't work anymore, OK. As soon as I put this:

    iptables -I INPUT -p udp --destination-port 1194 -j ACCEPT

Ping starts working again, OK. Then I put this:

    iptables -I INPUT -i tap21 -d 0.0.0.0/0 -j DROP
    iptables -I FORWARD -i tap21 -d 0.0.0.0/0 -j DROP

Ping still works. Why??? Shouldn't it now block the connection? So that I can put this:

    iptables -I INPUT -i tap21 -d 192.168.1.3 -j ACCEPT
    iptables -I FORWARD -i tap21 -d 192.168.1.3 -j ACCEPT

and only have access to PC2?

Hope someone can help me out... Thanks!
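An added example, not part of the original post: the same "only PC1 and PC2" policy written as bridge-layer (ebtables) rules, which is where frames crossing a bridged TAP port are filtered. It assumes that tap21 is a member of the router's LAN bridge and that this Tomato build ships `ebtables`; the helper names `emit_direction` and `gen_rules` are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: tap21 is a port of the LAN bridge (br0 on Tomato), so frames
# between PC1 and PC2 are switched at layer 2 and never reach rules that
# match "-i tap21" in the iptables INPUT/FORWARD chains.
TAP_IF="tap21"            # TAP interface named in the post
REMOTE_PC="192.168.1.56"  # PC1, behind the OpenVPN client
LOCAL_PC="192.168.1.3"    # PC2, behind the OpenVPN server

# Emit an allow-pair-then-drop rule set for one direction across the TAP port.
# $1 = -i (frames arriving from the tunnel) or -o (frames leaving into it)
# $2 = permitted source IP, $3 = permitted destination IP
emit_direction() {
    # ARP between the two hosts only, so they can resolve each other's MAC
    echo "ebtables -A FORWARD $1 $TAP_IF -p ARP --arp-ip-src $2 --arp-ip-dst $3 -j ACCEPT"
    # IPv4 between the two hosts only
    echo "ebtables -A FORWARD $1 $TAP_IF -p IPv4 --ip-src $2 --ip-dst $3 -j ACCEPT"
    # Everything else crossing the TAP port in this direction
    echo "ebtables -A FORWARD $1 $TAP_IF -j DROP"
}

# Print the full rule set. Rules are appended (-A), so they are evaluated in
# the order printed: the two ACCEPTs first, the catch-all DROP last.
gen_rules() {
    emit_direction -i "$REMOTE_PC" "$LOCAL_PC"
    emit_direction -o "$LOCAL_PC" "$REMOTE_PC"
    # Frames from the tunnel addressed to the router itself (bridge INPUT)
    echo "ebtables -A INPUT -i $TAP_IF -j DROP"
}

# Dry run by default; set APPLY=1 on the router to load the rules.
if [ "${APPLY:-0}" = "1" ]; then
    gen_rules | sh
else
    gen_rules
fi
```

Run it without `APPLY` first and read the printed rules; if the bridge chains already contain rules, check where these land with `ebtables -L` before relying on them.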