Okay, I got the sudo su - now able to run iptables (had used sudo bash before and couldn't find iptables).
So before I test this, can you kindly provide a backout command? I'd like to confirm your point about clients not being able to exit to internet. That may work for me when I'm accessing the VPN/LAN as a client user. I have another VPN client (a mikrotik router at a remote location) where this might not work.
Just want to be able to back out the iptables change and iptables has never been my forte.
Thanks