ocserv: applying firewall rules to restrict to the set routes

[Nikos Mavrogiannopoulos]

Hello,
 I was suggested that ocserv could conditionally apply firewall rules
that restrict the client to the provided routes and DNS servers. What
do you think of the idea? I think it is particularly interesting if it
can be set on a per-user basis. On the implementation side, I am
thinking that the only way to do it is to ship some system-specific
script which can apply the firewall rules, or require a
firewall-add-cmd and firewall-del-cmd in the configuration file.

Any other comments on that feature or implementation?

regards,
Nikos