Trying to set up gufw so that if my VPN connection drops, my computer won't be able to access the internet any more.

My plan was to block all outgoing, but allow only a connection to the IP of my vpn server, but I find when the firewall is implemented I can't load sites even if the vpn is connected.

Gufw settings

Above are the settings I am currently trying (partially hidden IP is my vpn server), what am I doing wrong?


Try something like this

You wish to change ufw rules based on interface status.

A nice place for this kind of action is in /etc/network/if-down.d/ and /etc/network/if-up.d/

You can put a script in these folders to take an action. For example, put this script in /etc/network/if-down.d/ to change ufw rules every time tun0 goes down.

Make a script called script with execute permissions 755

    sudo nano /etc/network/if-down.d/script

The script is

    #!/bin/sh
    # Check interface: only act when the interface is tun0
    [ "$IFACE" = "tun0" ] || exit 0
    # Do something
    sudo ufw default deny outgoing
    sudo ufw allow out to xxx.xxx.xxx.xxx

Change the permissions of the script

    sudo chmod 755 /etc/network/if-down.d/script

In the script, xxx.xxx.xxx.xxx represents the IP of your VPN server

When the VPN reconnects you need to change the ufw rules again. Make one more script, named script2

    sudo nano /etc/network/if-up.d/script2

The script is something like this

    #!/bin/sh
    # Check interface: only act when the interface is tun0
    [ "$IFACE" = "tun0" ] || exit 0
    # Do something
    sudo ufw default allow outgoing
    # also you can add more ufw rules ...
    # sudo ufw ....

Change the permissions of the script

    sudo chmod 755 /etc/network/if-up.d/script2

The first script will, if tun0 goes down, set the default outgoing policy to deny but will allow access to the VPN server. The second script will change the default outgoing policy to allow
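
A combined version of the two hooks above, as an added example that is not part of the original answer: it acts only when `$IFACE` is tun0, uses ifupdown's `$MODE` to tell up from down, and validates the server address before handing it to ufw. `VPN_IFACE`, `VPN_SERVER`, `APPLY`, the function names and the 203.0.113.10 address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: one hook for both /etc/network/if-up.d/ and if-down.d/.
# ifupdown exports IFACE and MODE (start from ifup, stop from ifdown).
VPN_IFACE="${VPN_IFACE:-tun0}"
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # constructed placeholder address

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the ufw commands for interface $1, mode $2 and VPN server $3.
plan_rules() {
    [ "$1" = "$VPN_IFACE" ] || return 0          # not the VPN tunnel: no change
    is_ipv4 "$3" || { echo "bad VPN server address: $3" >&2; return 1; }
    case "$2" in
        stop)  echo "ufw default deny outgoing"   # tunnel down: block everything
               echo "ufw allow out to $3" ;;      # except the VPN server itself
        start) echo "ufw default allow outgoing" ;;
    esac
}

# Dry run by default; APPLY=1 executes the commands (hooks already run as root).
run_hook() {
    rules=$(plan_rules "${IFACE:-}" "${MODE:-}" "$VPN_SERVER") || return 1
    [ -n "$rules" ] || return 0
    while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then $cmd || return 1
        else echo "would run: $cmd"; fi
    done <<EOF
$rules
EOF
}

run_hook
```

Running it by hand with `IFACE=tun0 MODE=stop` prints the commands it would issue, which lets you check the rules before setting `APPLY=1`.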

