• Are these VPN firewall settings safe?


    Hi, I’ve recently set up a VPN on my Antergos system.

    The problem was that if the VPN dropped out or was turned off then my standard internet connection would immediately take over.

    The following firewall settings block all access to the internet unless the VPN is running (a kill switch).

    My question is - Are these settings safe? They modify my firewall rules in a way I only half understand.

    Thanks in advance.

    1. terminal then sudo su
    2. nano /etc/services
    3. ctrl+w then search for openvpn, once found # the start of both entries then ctrl+o enter ctrl+x.
    4. Create a new document (text file) on desktop and name it openvpn. Paste the text below and save. Change the ports to the ones your VPN provider uses.

    [openvpn]
    title=openvpn
    description=openvpn
    ports=53,443,1912/udp

    5. Open as Administrator /etc/ufw/application.d and place the openvpn file inside. Then check the permissions to make sure the owner is root.
    6. Set up UFW
    7. terminal then sudo su

    sudo ufw disable
    sudo ufw app update --add-new openvpn
    sudo ufw app update openvpn
    sudo ufw default deny incoming
    sudo ufw default deny outgoing
    sudo ufw allow in openvpn
    sudo ufw allow out openvpn
    sudo ufw allow out on tun0 from any to any
    sudo ufw allow in on tun0 from any to any
    sudo ufw enable


  • @anivegmin SOLVED after much searching and trying many different rule sets.

    sudo ufw disable
    sudo ufw --force reset

    sudo ufw app update --add-new openvpn
    sudo ufw app update openvpn

    sudo ufw default deny incoming
    sudo ufw default deny outgoing
    sudo ufw allow out on tun0
    sudo ufw allow out on eth0 to any port 1194 proto udp
    sudo ufw allow out on wlan0 to any port 1194 proto udp
    sudo ufw allow out openvpn

    sudo ufw enable

    (delete all ipv6 rules)

    All incoming now denied. Everything works.
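
An added example, not part of either post: a shell check that reads `ufw status verbose` output and flags outbound rules that still pass traffic when tun0 is down, such as an app-profile rule (`allow out openvpn`) that is not bound to an interface and includes port 53. The sample outputs are constructed and trimmed; `audit_killswitch` and `TUN_IF` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit `ufw status verbose` text on stdin
# for kill-switch gaps. TUN_IF is an assumption; the thread uses tun0.
TUN_IF="${TUN_IF:-tun0}"

audit_killswitch() {
    awk -v tun="$TUN_IF" '
    /^Default:/ {
        seen_default = 1
        if ($0 !~ /(deny|reject) \(outgoing\)/) { print "FAIL: default outgoing policy is not deny"; bad++ }
        next
    }
    / ALLOW OUT / {
        to = $0;   sub(/[ \t]+ALLOW OUT.*/, "", to)    # "To" column
        from = $0; sub(/.*ALLOW OUT[ \t]+/, "", from); sub(/[ \t]+$/, "", from)   # "From" column
        if (from ~ (" on " tun "$")) { tunnel_ok = 1; next }
        if (from !~ / on [^ ]+$/) {
            # No interface given: the rule still matches when the tunnel is down.
            print "WARN: not bound to an interface: " to; bad++
            if (("," to " ") ~ ",53[,/ ]") print "WARN: port 53 reachable outside " tun " (DNS leak): " to
        } else if (to ~ /^Anywhere/) {
            print "FAIL: all traffic allowed out on a non-tunnel interface: " from; bad++
        }
    }
    END {
        if (!seen_default) { print "FAIL: no Default: line (is ufw active?)"; bad++ }
        if (!tunnel_ok)    { print "FAIL: no ALLOW OUT rule on " tun; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: roughly what an unbound app-profile rule looks like.
sample_app_rule() { cat <<'EOF'
Default: deny (incoming), deny (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
53,443,1912/udp (openvpn)  ALLOW OUT   Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
EOF
}
# Constructed sample: every non-tunnel rule is bound to an interface and a port.
sample_bound_rules() { cat <<'EOF'
Default: deny (incoming), deny (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
Anywhere                   ALLOW OUT   Anywhere on tun0
1194/udp                   ALLOW OUT   Anywhere on eth0
EOF
}
sample_app_rule | audit_killswitch || true
```

On a live system, pipe `sudo ufw status verbose` into `audit_killswitch`; a non-zero exit status means at least one finding.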
