LinuxQuestions.org
Old 10-30-2019, 09:41 AM   #1
vans25
LQ Newbie
 
Registered: Oct 2019
Posts: 1

Rep: Reputation: Disabled
vpn killswitch


Hi
Looking for help to correctly set up a killswitch after I disconnect from nordvpn (linux app) (for example if I manually disconnect and forget about it, or when switching to a different location etc., because the killswitch doesn't work in that case/time)
The built-in "killswitch" automatically stops all internet traffic when the VPN connection suddenly fails. But it doesn't work if you disconnect manually or connect to the next location (in linux).
Also, while connected with the vpn, nordvpn disables my ufw and sets up its own firewall (but for the time it's connected)

Generally the only way to connect to the internet must be through nordvpn; this is what I'm looking for

How to do it?
Looking for a guide on how to do it properly
debian10
 
Old 11-12-2019, 01:49 PM   #2
/dev/random
Member
 
Registered: Aug 2012
Location: Ontario, Canada
Distribution: Slackware 14.2, LFS-current, NetBSD 6.1.3, OpenIndiana
Posts: 319

Rep: Reputation: 112
Easy, block all packets from all interfaces but the VPN's.
You need to run this after the VPN is up, otherwise it will not work.

Code:
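#!/bin/sh

# Address of the VPN server; replace the placeholder before running
VPN_IP="<vpn ip>"

# Default-deny: anything not explicitly accepted below is dropped
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# Allow loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow vpn: new connections may only leave through the tunnel
iptables -A INPUT -i tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o tun0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow vpn service through eth0 only (to keep the tunnel established)
# Inbound packets come from the VPN server (-s), outbound packets go to it (-d)
iptables -A INPUT -i eth0 -s "$VPN_IP" -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -d "$VPN_IP" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT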

Last edited by /dev/random; 11-12-2019 at 01:51 PM.
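
To confirm that rules like the ones above are still in force after a manual disconnect or a location switch, the loaded ruleset can be audited. The following is an added example, not code from this thread: the function names, the sample rulesets and the address 203.0.113.10 are constructed for illustration, and it assumes `iptables-save` output as input.

```shell
#!/bin/sh
# Audit `iptables-save` output: OUTPUT must default to DROP and may only
# ACCEPT on lo, on the tunnel, or on the WAN interface towards the VPN server.
# Usage (as root): iptables-save | check_killswitch tun0 eth0 <vpn ip>
check_killswitch() {
    awk -v vpn_if="$1" -v wan_if="$2" -v vpn_ip="$3" '
    /^\*/ { table = substr($0, 2) }          # "*filter", "*nat", ...
    table != "filter" { next }
    $1 == ":OUTPUT" { policy = $2 }          # chain policy line
    $1 == "-A" && $2 == "OUTPUT" {
        out = ""; dst = ""; target = ""; neg = 0
        for (i = 3; i < NF; i++) {
            if ($i == "!")  neg = 1          # negated match: treat as unsafe
            if ($i == "-o") out = $(i + 1)
            if ($i == "-d") dst = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        sub(/\/32$/, "", dst)                # iptables-save prints hosts as /32
        if (!neg && (out == "lo" || out == vpn_if)) next
        if (!neg && out == wan_if && dst == vpn_ip) next
        printf "LEAK: %s\n", $0; bad++
    }
    END {
        if (policy != "DROP") { print "LEAK: OUTPUT policy is not DROP"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: killswitch rules loaded
sample_good() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Constructed sample: firewall reset to an open state after a disconnect
sample_flushed() { cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
EOF
}
sample_flushed | check_killswitch tun0 eth0 203.0.113.10 || echo "killswitch NOT in place"
```

The function exits non-zero and prints one `LEAK:` line per offending rule, so it can be run from cron or a network hook after each VPN state change.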
 
  

