[Firehol-support] vpn "kill switch" with firehol
Nikolay Kubarelov
admin at gramophon.com
Mon May 16 10:08:32 BST 2016
Hello, All,
First, thanks a lot for working on Firehol, it's a very handy tool. I have
used it since its start to secure my desktop.
I'm trying to rewrite those iptables rules
(https://gist.github.com/aelveborn/e0faab9185256eeb86ad) to firehol.
The rules drop all traffic which is not directed to the VPN
server, which prevents leaks when the VPN is accidentally disconnected.
I've come up with something like this, but can't make it work here:
=============================
version 5

white = "127.0.0.0/8 10.0.0.0/24 10.8.0.0/24 46.246.32.0/19"

interface wlan1 internet dst ${white}
    client all accept
    server all accept

interface tun0 vpn
    server ssh accept
    client all accept
=============================
I'm not really sure where I have to whitelist those IPs - in interface,
or in client?
If somebody has the time to help me with those rules, I'll be happy to
test.
Thanks in advance!
Nikolay
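
A check for the leak property described in the post, as an added example that is not part of the original message or of FireHOL: it audits `iptables -S OUTPUT` style lines and reports any ACCEPT rule that lets traffic leave outside the tunnel to a destination not on the allowlist. It assumes IPv4 only and a flat, hand-written OUTPUT chain with no jumps to user-defined chains; the sample rules and the names `audit_output_chain`, `opt` and `TUNNEL_IFACES` are constructed for illustration.

```python
import ipaddress
import shlex

# Allowlist and interface names are from the post; the rule lines are constructed.
ALLOWED = [ipaddress.ip_network(n) for n in
           "127.0.0.0/8 10.0.0.0/24 10.8.0.0/24 46.246.32.0/19".split()]
TUNNEL_IFACES = {"lo", "tun0"}   # traffic here never touches the bare uplink

SAMPLE_RULES = """\
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 46.246.32.0/19 -o wlan1 -j ACCEPT
-A OUTPUT -d 10.0.0.0/24 -o wlan1 -j ACCEPT
-A OUTPUT -o wlan1 -p udp -m udp --dport 53 -j ACCEPT
"""

def opt(tokens, flag):
    """Value following `flag` in a tokenised rule, or None if absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit_output_chain(rules_text, allowed=ALLOWED, tunnel=TUNNEL_IFACES):
    """Return leak findings for a flat OUTPUT chain; [] means none found."""
    findings, policy = [], None
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "OUTPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "OUTPUT"] or opt(tok, "-j") != "ACCEPT":
            continue
        if "!" in tok:
            findings.append(f"negated match, review by hand: {line}")
        elif opt(tok, "-o") in tunnel:
            continue                      # loopback or inside the tunnel
        elif opt(tok, "-d") is None:
            findings.append(f"any destination allowed off-tunnel: {line}")
        else:
            net = ipaddress.ip_network(opt(tok, "-d"), strict=False)
            if not any(net.subnet_of(a) for a in allowed):
                findings.append(f"destination outside allowlist: {line}")
    if policy != "DROP":
        findings.append(f"OUTPUT policy is {policy}, not DROP")
    return findings

if __name__ == "__main__":
    for finding in audit_output_chain(SAMPLE_RULES):
        print(finding)
```

On the constructed sample, the only finding is the port 53 rule on wlan1, which would let DNS queries bypass the tunnel. IPv6 is filtered by a separate ruleset (`ip6tables`) and is not covered by this check.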