Hello everyone!
I'm trying to implement a VPN kill switch so that all connections are routed through my VPN tunnel.
Here's what I've come up with so far:
*filter
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT #Local Network
-A OUTPUT -p udp -m udp -d X.X.X.X --dport 1194 -j ACCEPT #VPN IP
-A OUTPUT -o tun0 -j ACCEPT
COMMIT
And it seems to be working. But I've encountered two problems:
1) GUI applications stop working for some magical reason. Even the xfce4 session won't start. All I see is a black screen and a cursor.
2) These rules are not working for QEMU/KVM machines for some reason. For example, if I turn off my VPN and boot up my Win 7 KVM, I'll still be able to access the internet, although when my VPN is turned on the KVMs are routed through the VPN.
Any input is appreciated. Thank you!
Looks like you are currently dropping all incoming traffic from loopback; you probably need this first in INPUT:
-A INPUT -i lo -j ACCEPT
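As an added example (not code from either poster), here is a small lint script for an iptables-restore ruleset in the layout used above; it reports a chain whose policy is DROP but which has no loopback ACCEPT, or whose loopback ACCEPT is shadowed by an earlier DROP/REJECT rule. The file path and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): lint an iptables-restore ruleset for the
# loopback pitfall discussed above. Assumes the layout the poster used: a
# "*filter" block ending in "COMMIT", with -P policies and -A rules.

# Print only the lines of the *filter table.
filter_table() {
    awk '/^\*filter/ { f = 1; next } /^COMMIT/ { f = 0 } f' "$1"
}

# For chain $2 in file $1: exit 0 if a loopback ACCEPT exists and comes
# before any DROP/REJECT rule, 1 if there is none, 2 if one exists but a
# DROP/REJECT rule precedes it (so loopback packets never reach it).
lo_rule_status() {
    filter_table "$1" | awk -v c="$2" '
        $1 == "-A" && $2 == c {
            n++
            if (!a && $0 ~ /-[io] lo( |$)/ && $0 ~ /-j ACCEPT/) a = n
            if (!d && $0 ~ /-j (DROP|REJECT)/) d = n
        }
        END { if (!a) exit 1; if (d && d < a) exit 2; exit 0 }'
}

# A DROP policy on INPUT or OUTPUT needs an explicit ACCEPT for lo in that
# chain; the conntrack RELATED,ESTABLISHED rule alone does not admit the
# first packet of a connection arriving on loopback.
check_killswitch() {
    f=$1; rc=0
    for spec in "INPUT i" "OUTPUT o"; do
        set -- $spec                       # $1 = chain, $2 = i (for -i) or o (for -o)
        filter_table "$f" | grep -q "^-P $1 DROP" || continue
        if lo_rule_status "$f" "$1"; then s=0; else s=$?; fi
        case $s in
            1) echo "$1: policy DROP but no '-A $1 -$2 lo -j ACCEPT'"; rc=1 ;;
            2) echo "$1: loopback ACCEPT is shadowed by an earlier DROP/REJECT"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage (assumed path): sh lint-killswitch.sh /etc/iptables/iptables.rules
[ "$#" -eq 1 ] && check_killswitch "$1"
```

Run against the ruleset from the first post it reports the missing INPUT rule; after adding `-A INPUT -i lo -j ACCEPT` it exits 0.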