[Bug 1264] New: Killswitch VPN don't work

bugzilla-daemon at netfilter.org
Wed Jun 27 08:48:21 CEST 2018


            Bug ID: 1264
           Summary: Killswitch VPN don't work
           Product: iptables
           Version: 1.6.x
          Hardware: x86_64
                OS: Ubuntu
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: mtzseb at yahoo.fr

I just changed PC, and I would like to do as on the old one: cut any internet
stream if the VPN server falls (killswitch).
On my other machines, I had no problem. But on the new one, a fresh install, I
cannot properly change my rules in iptables (1.6.1) ...
To start, iptables-persistent is not installed, /etc/iptables/ is empty, and
ufw is inactive (checked in its conf file).
At startup, everything is OK, internet works perfectly, VPN in function or not.

iptables -P OUTPUT DROP closes any outbound connection as expected
iptables -A OUTPUT -p udp -m multiport --dport 53,1194 -j ACCEPT to allow
outgoing traffic to openvpn and dns servers in udp protocol
iptables -A OUTPUT -o tun+ -j ACCEPT to allow outgoing traffic over the VPN
iptables -A OUTPUT -d -j ACCEPT and iptables -A INPUT -s -j ACCEPT to allow
traffic on the local network (minidlna, wifi printer ...)
service network-manager restarted to restart the connection

Nothing works after that, there is not even a way to go back after an
iptables -F then iptables -X, forced to reboot.
On my other machines (same Kubuntu version, but upgraded from oldest, this is
the only difference I can see), the commands work perfectly. I do not
understand what I could break on my new PC. Any idea?

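An added example, not part of the original report or of the netfilter project: the kill-switch rules from the report written as an `iptables-restore` ruleset, together with a reset ruleset. `iptables -F` and `iptables -X` delete rules and user-defined chains but leave a policy set with `-P OUTPUT DROP` in place, so the reset also sets the policy back to `ACCEPT`. The LAN range `192.0.2.0/24`, the loopback rule and the function names are assumptions; the report's own local addresses are not on the page.

```shell
#!/bin/sh
# Added example: kill-switch ruleset generator (not from the original report).
# Assumptions: LAN range, loopback rule and function names are illustrative.

LAN_CIDR="${LAN_CIDR:-192.0.2.0/24}"   # constructed placeholder (documentation range)
VPN_PORT="${VPN_PORT:-1194}"           # OpenVPN UDP port, as in the report

# Emit a filter table for iptables-restore: default-deny OUTPUT with
# exceptions for loopback, DNS/OpenVPN over UDP, the tunnel and the LAN.
killswitch_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s ${LAN_CIDR} -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m multiport --dports 53,${VPN_PORT} -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -d ${LAN_CIDR} -j ACCEPT
COMMIT
EOF
}

# Emit a ruleset that undoes the kill switch. Loading it flushes the table
# and, unlike "iptables -F; iptables -X", also resets the OUTPUT policy.
reset_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Return 0 if the ruleset read from stdin leaves OUTPUT with a DROP policy.
output_policy_is_drop() {
    grep -q '^:OUTPUT DROP'
}

# Usage (as root):  killswitch_rules | iptables-restore
#                   reset_rules      | iptables-restore
```

On a running system, `iptables -S OUTPUT` prints the current policy as its first line (`-P OUTPUT DROP` or `-P OUTPUT ACCEPT`), which shows whether a flush left the default-deny policy behind.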