attacks?
well, leaks ..
https://browserleaks.com/
this is bad
that will allow you to connect to https without going through the VPN
I guess you have that so you can connect to the VPN, I assume tcp
assuming eth0 is 'real' network device
Code:
ufw allow out on eth0 to ${VPN_IP} port 443 proto tcp
If you are using a FQDN to get to the VPN you are going to have to open up a DNS port. You may want to run your own caching DNS and have that only use external (non-VPN) DNS for lookups of the VPN FQDN
this doesn't make much sense
Code:
the_ip=$(ip addr show | grep 'inet 192.168' | awk '{print $2;}')
sudo ufw allow in to $the_ip
sudo ufw allow out to $the_ip
you would end up with something like 192.168.1.10/24 in and out
Code:
the_ip=$(ip -brief -f inet addr show eth0 | grep -Eo "[0-9]{1,3}(\.[0-9]{1,3}){3}" )
that would get you 192.168.1.10
Code:
ufw allow from ${the_ip%.*}.0/24 to ${the_ip} port 22,1080 proto tcp
opens up ssh and socks
so, from anywhere on your lan, you can ssh in or use the socks proxy to connect to the internet via the VPN
other typical proxy ports 3128,8080,8118
you should also throw in
to give you a nice overview
you may want to allow out to your lan
Code:
ufw allow out on eth0 from ${the_ip} to 192.168.1.20 port 3632 proto tcp
to speed up compiles
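
The address handling discussed in this post, as an added dry-run example that is not part of the original post: it extracts the bare host address, rejects the `192.168.1.10/24` form the awk pipeline produces, and prints the VPN and LAN rules instead of applying them. The function names, the sample `ip -brief` line, the /24 LAN and the VPN address `203.0.113.10` are constructed assumptions.

```shell
#!/usr/bin/env bash
# Dry run: prints the ufw rules from the post for review; applies nothing.

# Constructed sample of `ip -brief -f inet addr show eth0` output.
SAMPLE_BRIEF='eth0             UP             192.168.1.10/24'
# Constructed placeholder for ${VPN_IP} (documentation address range).
SAMPLE_VPN_IP='203.0.113.10'

# Pull the bare host address (no /prefix) out of `ip -brief` output.
extract_ip() {
    printf '%s\n' "$1" | grep -Eo '[0-9]{1,3}(\.[0-9]{1,3}){3}' | head -n 1
}

# Accept only a dotted quad with octets 0-255; "192.168.1.10/24" is rejected.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Derive the LAN range the way the post does (assumes a /24 network).
lan_cidr() {
    printf '%s.0/24\n' "${1%.*}"
}

# Emit the rules; refuse to emit anything if either address is malformed.
build_rules() {
    host_ip=$1; vpn_ip=$2; dev=$3
    valid_ipv4 "$host_ip" && valid_ipv4 "$vpn_ip" || return 1
    printf 'ufw allow out on %s to %s port 443 proto tcp\n' "$dev" "$vpn_ip"
    printf 'ufw allow from %s to %s port 22,1080 proto tcp\n' \
        "$(lan_cidr "$host_ip")" "$host_ip"
}

the_ip=$(extract_ip "$SAMPLE_BRIEF")
build_rules "$the_ip" "$SAMPLE_VPN_IP" eth0
```

Review the printed lines, then run them with sudo once they match the intended interface and addresses.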