bugzilla-daemon at netfilter.org
2018-Jun-27 06:48 UTC
[Bug 1264] New: Killswitch VPN don't work
https://bugzilla.netfilter.org/show_bug.cgi?id=1264

            Bug ID: 1264
           Summary: Killswitch VPN don't work
           Product: iptables
           Version: 1.6.x
          Hardware: x86_64
                OS: Ubuntu
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: mtzseb at yahoo.fr

Hello,

I just changed PC, and I would like to do as on the old one: cut any internet stream if the VPN server falls (killswitch). On my other machines, I had no problem. But on the new one, a fresh install, I cannot properly change my rules in Iptables (1.6.1)...

To start, Iptables-persistent is not installed, /etc/iptables/ is empty, and ufw is inactive (checked in its conf file).

At startup, everything is OK, internet works perfectly, VPN in function or not.

    iptables -P OUTPUT DROP

closes any outbound connection as expected

    iptables -A OUTPUT -p udp -m multiport --dport 53,1194 -j ACCEPT

to allow outgoing traffic to openvpn and dns servers in udp protocol

    iptables -A OUTPUT -o tun+ -j ACCEPT

to allow outgoing traffic over the VPN connection

    iptables -A OUTPUT -d 192.168.1.1/24 -j ACCEPT

and

    iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT

to allow traffic on the local network (minidlna, wifi printer ...)

service network-manager restarted to restart the connection

Nothing works after that, there is not even a way to go back after an iptables -F then iptables -X, forced to reboot.

On my other machines (same Kubuntu version, but upgraded from an older one, this is the only difference I can see), the commands work perfectly. I do not understand what I could break on my new PC.

Any idea?
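As an added illustration, not part of the original report and not netfilter code: a small first-match evaluator for the four OUTPUT-chain commands quoted above, transcribed into iptables-save form with the port option written with its double dash, showing which outbound packets they accept and which fall through to the DROP policy. The sample packets, interface names and addresses are constructed, and the model covers only the match options these rules use.

```python
import ipaddress
import shlex

# OUTPUT-chain rules from the report, transcribed into iptables-save form.
RULESET = """\
-P OUTPUT DROP
-A OUTPUT -p udp -m multiport --dport 53,1194 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -d 192.168.1.1/24 -j ACCEPT
"""

def parse(text):
    """Return (default policy, ordered rule list) for the OUTPUT chain."""
    policy, rules = "ACCEPT", []
    for tok in map(shlex.split, text.strip().splitlines()):
        if tok[0] == "-P":
            policy = tok[2]
        else:  # after "-A OUTPUT" every option here is an (option, value) pair
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def matches(rule, pkt):
    """True if every match the rule specifies agrees with the packet."""
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if "--dport" in rule and str(pkt["dport"]) not in rule["--dport"].split(","):
        return False
    pat = rule.get("-o")  # a trailing "+" matches any interface with that prefix
    if pat and not (pkt["out"].startswith(pat[:-1]) if pat.endswith("+") else pkt["out"] == pat):
        return False
    # strict=False: iptables masks host bits, so 192.168.1.1/24 means 192.168.1.0/24
    net = ipaddress.ip_network(rule.get("-d", "0.0.0.0/0"), strict=False)
    return ipaddress.ip_address(pkt["dst"]) in net

def verdict(out, proto, dst, dport, ruleset=RULESET):
    # First matching rule decides; otherwise the chain policy applies.
    policy, rules = parse(ruleset)
    pkt = {"out": out, "proto": proto, "dst": dst, "dport": dport}
    return next((r["-j"] for r in rules if matches(r, pkt)), policy)

# Constructed sample packets (documentation addresses, hypothetical interface names).
SAMPLES = [
    ("eth0", "udp", "203.0.113.10", 1194),  # OpenVPN handshake
    ("eth0", "tcp", "198.51.100.7", 443),   # web traffic outside the tunnel
    ("tun0", "tcp", "198.51.100.7", 443),   # same traffic inside the tunnel
    ("lo", "tcp", "127.0.0.1", 631),        # local service over loopback
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", verdict(*s))
```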