Killswitch (100% secure) for Linux using ufw

nonono

New Member
Hi,

To have a killswitch that avoids leaking your IP address in case of connection problems, I found a simple solution using ufw. This should work with ease on all distributions.

You need a script to enable the killswitch:

fwon.sh
Code:
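#!/bin/bash

# Drop all existing rules and start from a clean state
sudo ufw reset
# Block everything by default, in both directions
sudo ufw default deny incoming
sudo ufw default deny outgoing
# Only traffic leaving through the VPN tunnel interface is allowed
sudo ufw allow out on tun0 from any to any
sudo ufw enable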

and a script to disable it:

fwoff.sh
Code:
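#!/bin/bash

# Drop the killswitch rules and go back to a normal desktop policy
sudo ufw reset
sudo ufw default deny incoming
# Outgoing traffic is allowed again on every interface
sudo ufw default allow outgoing
sudo ufw enable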


This is a very simple on/off solution. As the rules are still active after reboot, you can alter the fwon.sh script and add a line to
allow outgoing connections on a non-tun interface, but only to a PP server:

Code:
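#!/bin/bash

sudo ufw reset
sudo ufw default deny incoming
sudo ufw default deny outgoing
# Physical interface: only the VPN server itself may be reached,
# so the tunnel can be (re)established after a reboot
sudo ufw allow out on enp57s0f1 to 85.17.28.145
# Everything else must leave through the VPN tunnel interface
sudo ufw allow out on tun0 from any to any
sudo ufw enable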

Only thing you need to check here is

enp57s0f1 -> change to whatever your physical interface is called
85.17.28.145 -> change to whatever pp server you want to use (here amsterdam1)

Of course you can add multiple, all or none PP servers here. It's up to you.

As iptables is getting deprecated and nft is complicated for inexperienced users, I assume this is a very solid kill switch solution.
Any feedback or questions are welcome. Enjoy.
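
Added example, not part of the original post: a small check that audits the text of `ufw status verbose` and confirms the kill switch rules above are actually the ones in force. The function names and the sample status text are constructed for illustration; the sample is modelled on ufw's status output for the rules in the post.

```shell
#!/bin/bash
# Added example (not from the original post). check_killswitch and the
# sample_* functions are hypothetical names; the status text is constructed.

# Usage: sudo ufw status verbose | check_killswitch TUN_IF [VPN_SERVER_IP...]
# Returns 0 only if ufw is active, the outgoing default is deny, and every
# ALLOW OUT rule is bound to TUN_IF or targets a listed VPN server IP.
check_killswitch() {
    local tun="$1"; shift
    awk -v tun="$tun" -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status: active/              { active = 1 }
        /^Default:.*deny \(outgoing\)/ { deny_out = 1 }
        /ALLOW OUT/ {
            if ($NF == tun) next   # rule only applies on the tunnel interface
            if ($1 in ok)   next   # destination is a listed VPN server
            print "unexpected rule: " $0; bad = 1
        }
        END {
            if (!active)   { print "ufw is not active"; bad = 1 }
            if (!deny_out) { print "default outgoing policy is not deny"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: state after the fwon.sh variant with one VPN server.
sample_killswitch_on() { cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
85.17.28.145               ALLOW OUT   Anywhere on enp57s0f1
Anywhere                   ALLOW OUT   Anywhere on tun0
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on tun0
EOF
}

# Constructed sample: state after fwoff.sh (outgoing traffic allowed).
sample_killswitch_off() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
EOF
}

sample_killswitch_on | check_killswitch tun0 85.17.28.145 && echo "kill switch rules OK"
```

Run it after fwon.sh and again after a reboot; any line it prints is a rule or policy that would let traffic out outside the tunnel.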
 