[Firehol-support] vpn "kill switch" with firehol

Nikolay Kubarelov admin at gramophon.com
Mon May 16 10:08:32 BST 2016


Hello, All,

First, thanks a lot for working on Firehol, it's a very handy tool. I have
used it since its start to secure my desktop.

I'm trying to rewrite these iptables rules
(https://gist.github.com/aelveborn/e0faab9185256eeb86ad) for firehol.
The rules drop all traffic that is not directed to the VPN
server, which prevents leaks when the VPN is accidentally disconnected.

I've come up with something like this, but can't make it work here:

=============================
version 5

white = "127.0.0.0/8 10.0.0.0/24 10.8.0.0/24 46.246.32.0/19"

interface wlan1 internet dst ${white}
        client all accept
        server all accept

interface tun0 vpn
        server ssh accept
        client all accept

=============================

I'm not really sure where I have to whitelist those IPs - in the interface,
or in the client?

If somebody has the time to help me with these rules, I'll be happy to
test.

Thanks in advance!
Nikolay
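A constructed FireHOL configuration for this kind of kill switch, added here as an illustration (it is neither the poster's config nor anything from the FireHOL project). It puts the destination restriction on the client lines instead of the interface line, reuses the 46.246.32.0/19 and 10.0.0.0/24 ranges from the post, and assumes a single DNS resolver at the placeholder address 203.0.113.53 so the VPN server name can be resolved before the tunnel is up:

```firehol
version 5

# Constructed example values: the VPN and LAN ranges are taken from the
# post, the resolver address is a placeholder; replace all three.
vpn_server="46.246.32.0/19"   # hosts the VPN client may reach directly
lan="10.0.0.0/24"             # local LAN that stays reachable outside the tunnel
dns_server="203.0.113.53"     # resolver used to look up the VPN server name

# Physical interface: anything not explicitly accepted here is dropped,
# so when tun0 disappears nothing can leak out through wlan1.
# Loopback is handled by FireHOL itself, so 127.0.0.0/8 needs no rule.
interface wlan1 internet
        policy drop
        protection strong

        # outbound requests: only to the VPN endpoint range and the LAN
        client all accept dst "${vpn_server} ${lan}"

        # DNS has to work before the tunnel exists, otherwise the VPN
        # client cannot resolve its server; limit it to one resolver
        client dns accept dst "${dns_server}"

        # inbound requests: ssh from the LAN only
        server ssh accept src "${lan}"

# Tunnel interface: once the VPN is up, all traffic goes out here
interface tun0 vpn
        policy drop
        server ssh accept
        client all accept
```

Load it with `firehol try`, which activates the rules and rolls them back automatically unless you confirm within a short time; that keeps a mistake in the whitelist from locking you out of the machine.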
