eBay Suspension & PayPal Limited Forums  
eBay Suspended & PayPal Limited Forums (https://www.aspkin.com/forums/)
-   IP Address (https://www.aspkin.com/forums/ip-address/)
-   -   question about VPN killswitch using Linux iptables rules (https://www.aspkin.com/forums/ip-address/108858-question-about-vpn-killswitch-using-linux-iptables-rules.html)

nate 07-12-2017 11:24 AM

question about VPN killswitch using Linux iptables rules
 
I'm guessing it's a long shot that I'll get an answer for this one but I figured I'd give it a shot.

I'm in the process of figuring this out using trial and error. I've yet to find a complete template for setting up iptables for a killswitch online. I'm setting this up on Chromium OS run on VMware.

Chromium already has L2TP/IPsec. As far as I can tell the only way to set up a killswitch is through shell using iptables.

I get the gist of it... but I'm not sure about the exact scripts. Google results give all different answers.

deny all outgoing and incoming by

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP


make an exception for network adapter by

allow out on ppp0

iptables -A OUTPUT -o ppp0 -p tcp -j ACCEPT ?

allow in on ppp0

iptables -A INPUT -i ppp0 -p tcp -j ACCEPT ?

Make an exception from any ip address to the ip address of the server so I can connect to it

iptables -I OUTPUT -o eth0 -d 123.123.123.123 -j ACCEPT ?

then block all ipv6

?

Hopefully someone here has done this already or has mad networking skills and can help with the scripts. Chrome OS uses iptables v.1.4.21 which is pretty universal although I haven't been able to find an exact example of this configuration online.

nate 07-12-2017 05:00 PM

Re: question about VPN killswitch using Linux iptables rules
 
I got it to work. But if anyone could tell me if I'm missing anything or if there is a better way to do it I'd appreciate the info. I didn't need to add any IPv6 rules. A test on test-ipv6 shows no IPv6 detected.

Delete all rules in a chain or all chains

iptables -F

Allow all input and output on local host

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


Allow traffic input and output from VPN Server

iptables -A INPUT -s 123.123.123.123 -j ACCEPT
iptables -A OUTPUT -d 123.123.123.123 -j ACCEPT


Allow traffic via VPN network adapter (L2TP/IPsec)

iptables -A INPUT -i ppp0 -j ACCEPT
iptables -A OUTPUT -o ppp0 -j ACCEPT


Drop everything else

iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP




When I run cmd: iptables -S it shows

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 123.123.123.123/32 -j ACCEPT
-A INPUT -i ppp0 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 123.123.123.123/32 -j ACCEPT
-A OUTPUT -o ppp0 -j ACCEPT
-A OUTPUT -j DROP
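
An added example, not part of the original posts: a shell check that reads `iptables -S` output and flags any default policy that is not DROP and any ACCEPT rule not tied to loopback, the VPN interface or the VPN server address. Because `iptables` manages only IPv4 rules and IPv6 has its own table under `ip6tables`, the same check is applied to `ip6tables -S` output; `ppp0` and `123.123.123.123` are the values used in the thread, and both sample listings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit `iptables -S` / `ip6tables -S`
# output for rules that would let traffic bypass the VPN.
# Assumed values: interface ppp0 and placeholder address 123.123.123.123.
VPN_IF="ppp0"
VPN_IP="123.123.123.123"

# audit_rules <vpn_if> <vpn_ip>: reads -S output on stdin, prints one LEAK
# line per finding, returns 0 when nothing was found and 1 otherwise.
audit_rules() {
    awk -v vif="$1" -v vip="$2" '
    $1 == "-P" { policy[$2] = $3; next }
    $1 == "-A" {
        target = ""; ifc = ""; addr = ""; neg = 0
        for (i = 3; i < NF; i++) {
            if ($i == "!") neg = 1                      # negated match: review by hand
            if ($i == "-j") target = $(i + 1)
            if ($i == "-i" || $i == "-o") ifc = $(i + 1)
            if ($i == "-s" || $i == "-d") addr = $(i + 1)
        }
        if (target != "ACCEPT") next
        sub(/\/32$/, "", addr)
        if (!neg && (ifc == "lo" || ifc == vif || (vip != "" && addr == vip))) next
        print "LEAK: ACCEPT not tied to lo, VPN interface or VPN server: " $0
        bad = 1
    }
    END {
        n = split("INPUT FORWARD OUTPUT", chain, " ")
        for (k = 1; k <= n; k++)
            if (policy[chain[k]] != "DROP") {
                print "LEAK: default policy of " chain[k] " is not DROP"
                bad = 1
            }
        exit bad + 0
    }'
}

# Constructed sample: the IPv4 listing shown in the post above.
sample_v4() { printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT DROP' \
    '-A INPUT -i lo -j ACCEPT' '-A INPUT -s 123.123.123.123/32 -j ACCEPT' \
    '-A INPUT -i ppp0 -j ACCEPT' '-A INPUT -j DROP' '-A OUTPUT -o lo -j ACCEPT' \
    '-A OUTPUT -d 123.123.123.123/32 -j ACCEPT' '-A OUTPUT -o ppp0 -j ACCEPT' \
    '-A OUTPUT -j DROP'; }
# Constructed sample: an IPv6 table that was never configured.
sample_v6() { printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'; }

sample_v4 | audit_rules "$VPN_IF" "$VPN_IP" && echo "IPv4: no leaks found"
sample_v6 | audit_rules "$VPN_IF" "" || echo "IPv6: table needs attention"
# On a live system (as root): iptables -S | audit_rules ppp0 <server-ip>
#                             ip6tables -S | audit_rules ppp0 ""
```

A browser-based IPv6 test only shows that no IPv6 route was available at that moment; the `ip6tables -S` check shows whether IPv6 traffic would be blocked if one appeared.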


All times are GMT -5. The time now is 07:25 PM.

vBulletin® Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
Ad Management by RedTyger

