How do I set up a kill switch for a VPN proxy VM?


mistnim

Jan 10, 2016, 9:12:46 AM
to qubes...@googlegroups.com
Hello, I have Qubes 3.1 and I set up the VPN with a proxy VM, configured
using NetworkManager.
Could you tell me how to set up a kill switch? (Something that will stop
all traffic in case the VPN connection drops)

donoban

Jan 11, 2016, 3:06:55 AM
to qubes...@googlegroups.com
On 10/01/16 at 15:12, mistnim wrote:
You can filter the whole forward chain and ACCEPT only traffic whose
destination is your VPN server.

iptables -P FORWARD DROP
iptables -A FORWARD -d xx.xx.xx.xx -j ACCEPT

If your proxyVM is connected to sys-firewall, maybe you can do the
same with the GUI firewall. Block all except your VPN address.
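
As an added example (not part of the thread and not Qubes code): a shell function that audits `iptables -S FORWARD` output against the two rules suggested above, which matters because `-A` appends behind any ACCEPT rules already in the chain. The function name `check_killswitch`, the sample rule sets and the address 203.0.113.10 (standing in for xx.xx.xx.xx) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S FORWARD` output (read from stdin) against
# the kill-switch rules from the thread. Strict by design: any ACCEPT rule not
# pinned to the VPN server address is reported, whatever its other matches.
# Returns 0 when the policy is DROP and every ACCEPT is pinned, 1 otherwise.
check_killswitch() {
    vpn_ip=$1 policy_drop=0 leaks=0
    while IFS= read -r line; do
        case " $line " in
            " -P FORWARD DROP ") policy_drop=1 ;;
            " -A FORWARD"*" -j ACCEPT "*)
                case " $line " in
                    *" ! -d "*) pinned=0 ;;   # negated match widens the rule
                    *" -d $vpn_ip/32 "*|*" -d $vpn_ip "*) pinned=1 ;;
                    *) pinned=0 ;;
                esac
                if [ "$pinned" -eq 0 ]; then
                    echo "LEAK: $line"
                    leaks=$((leaks + 1))
                fi ;;
        esac
    done
    [ "$policy_drop" -eq 1 ] || echo "LEAK: FORWARD policy is not DROP"
    [ "$policy_drop" -eq 1 ] && [ "$leaks" -eq 0 ]
}

# Constructed samples (not taken from a real system).
SAMPLE_TIGHT='-P FORWARD DROP
-A FORWARD -d 203.0.113.10/32 -j ACCEPT'
# Here the -A rule landed behind a broad ACCEPT that was already in the chain.
SAMPLE_LEAKY='-P FORWARD DROP
-A FORWARD -i vif+ -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -j ACCEPT'

printf '%s\n' "$SAMPLE_TIGHT" | check_killswitch 203.0.113.10 && echo "tight: ok"
printf '%s\n' "$SAMPLE_LEAKY" | check_killswitch 203.0.113.10 || echo "leaky: kill switch incomplete"
```

On a live proxy VM the input would come from `iptables -S FORWARD` piped into the function, run as root.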

Qubed One

Jan 11, 2016, 3:53:36 PM
to qubes...@googlegroups.com
donoban:
>
>
> On 10/01/16 at 15:12, mistnim wrote:
>> Hello, I have Qubes 3.1 and I set up the VPN with a proxy VM,
>> configured using NetworkManager. Could you tell me how to set up
>> a kill switch? (Something that will stop all traffic in case the
>> VPN connection drops)
>
>
> You can filter the whole forward chain and ACCEPT only traffic whose
> destination is your VPN server.
>
> iptables -P FORWARD DROP
> iptables -A FORWARD -d xx.xx.xx.xx -j ACCEPT
>
> If your proxyVM is connected to sys-firewall, maybe you can do the
> same with the GUI firewall. Block all except your VPN address.
>


Yes, you can.