FedoraForum.org - Fedora Support Forums and Community
  1. #46
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    770

    Re: How can I do Internet Kill Switch for VPN on Fedora

    I restored my internet connection!

    I re-entered all the rules that I had added to KillSwitch, but replacing "add" with "remove", so I removed all of them permanently. After that I reloaded firewalld and everything returned to normal! Bad experience! But without this one cannot learn.

    I will try again but this time with VPN connection established:

    1st I will change default zone to KillSwitch

    2nd I will establish VPN connection

    3rd I will add rules

    If you face a big problem like this and cannot reverse it easily as in my case, then use the following command:

    sudo firewall-cmd --complete-reload

    This command will restore your firewall to the original state it had when you first launched Fedora after a fresh installation.

  2. #47
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    770

    Re: How can I do Internet Kill Switch for VPN on Fedora

    Quote Originally Posted by DBelton
    You could set up a new zone in firewalld, put the rules into the new zone (make them permanent), then when you connect to VPN, switch zones to the new zone you created.
    No!! Not at all!! I tried what you suggested and it ended in disaster: I created a new zone as permanent, reloaded firewalld, and added to the new zone the same services that are added by default to the default public zone. Then I reloaded firewalld.

    This caused me to lose the ability to connect to the internet totally!! I tried it two times: the 1st time I added the rules to the newly created zone while I was not connected to the VPN. It failed and I removed all rules from the NEWLY CREATED ZONE so as to restore my ability to connect to the internet. Then I tried again with the following steps:

    - I changed the default zone to the newly created zone (which had no rules added to it)
    - then connected to the VPN
    - then I added the rules to the newly created zone
    - finally reloaded firewalld

    but I got the same result: loss of the ability to connect to the internet from any zone!!

    It seems that, for one cause or another, these rules to achieve an internet kill switch are invalid on user-made zones and only valid on the default firewalld zones created by the developer.

    For that reason I deleted my reply "comment 43" so as not to injure people.

    The only way to simplify use of these rules is to convert them into a script.

    It is beyond my ability to develop this topic further. It is better to ask the developer of firewalld to convert these rules into a script.

    Best.

  3. #48
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    770

    Re: How can I do Internet Kill Switch for VPN on Fedora

    I discovered a new thing: after stopping the VPN connection, reloading firewalld, whether from the GUI or from the terminal, WILL NEVER RESTORE YOUR CONNECTION!!!

    You have to restart your PC after stopping the VPN so as to end the Internet kill switch!!! Why??!!

    ---------------------------

    By the way, to remove a zone that was created by the user, use this command:

    sudo firewall-cmd --permanent --delete-zone=zonename

    It is only valid for user-made zones. It does not work on the default zones created by the developer of Firewalld.

    Also, you can delete user-created zones from the Firewalld GUI. You have to change to "Permanent" to do this. Again, it only applies to user-created zones and does not work on the default zones created by the developer of Firewalld.

    Best
    Last edited by User808; 5th November 2016 at 09:43 AM.

  4. #49
    Join Date
    Oct 2011
    Posts
    1,630

    Re: How can I do Internet Kill Switch for VPN on Fedora

    Quote Originally Posted by DBelton
    You could set up a new zone in firewalld, put the rules into the new zone (make them permanent), then when you connect to VPN, switch zones to the new zone you created.
    If you want to try what DBelton suggested, this seems like a good reference on how to configure firewalld: https://www.rootusers.com/how-to-use...ering-and-nat/

  5. #50
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    770

    Re: How can I do Internet Kill Switch for VPN on Fedora

    Quote Originally Posted by srakitnican
    If you want to try what DBelton suggested, this seems like a good reference on how to configure firewalld: https://www.rootusers.com/how-to-use...ering-and-nat/
    Dear, I did not find anything in the link you gave me except one thing: I wrote the rules as follows:

    sudo firewall-cmd --zone=KillSwitch1 --permanent --add-service=dhcpv6-client

    In your link it is written "--permanent --zone=KillSwitch1" while I wrote:

    "--zone=KillSwitch1 --permanent", so does this difference matter?!!

    Here is part of what I did:

    1) create a new zone (a custom zone), say “KillSwitch1”:
    sudo firewall-cmd --permanent --new-zone=KillSwitch1
    2) reload the firewall to bring this new zone into the active configuration:
    sudo firewall-cmd --reload
    3) in permanent mode, add the services you like to the newly created zone “KillSwitch”: (it is recommended to use the same services that are added by default to the default “public” zone, plus the “openvpn” service)

    sudo firewall-cmd --zone=KillSwitch1 --permanent --add-service=dhcpv6-client
    sudo firewall-cmd --zone=KillSwitch1 --permanent --add-service=mdns
    sudo firewall-cmd --zone=KillSwitch1 --permanent --add-service=openvpn
    sudo firewall-cmd --zone=KillSwitch1 --permanent --add-service=ssh

    4) then, in permanent mode, add the following rules to the newly created zone “KillSwitch1”:

    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT

    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv6 filter INPUT 0 -j DROP
    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv4 filter INPUT 999 -j DROP

    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv6 filter OUTPUT 0 -j DROP
    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport 443 -j ACCEPT
    sudo firewall-cmd --zone=KillSwitch1 --direct --permanent --add-rule ipv4 filter OUTPUT 999 -j DROP

    5) now reload firewalld:
    sudo firewall-cmd --reload

    --------------------------------

    So, could you kindly point out the mistake that I made??

    As soon as I reload firewalld and activate these rules I lose any ability to connect to the internet from any zone whatsoever, be it "public", "trusted", "home", "KillSwitch1" ...!!! Why??!!
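
Added example, not part of any post in this thread: a dry-run script that turns the permanent direct rules into the matching `--remove-rule` commands (the "add" to "remove" rollback from post #46) and lists the chains that end in a catch-all drop. firewalld stores direct rules globally rather than per zone, so no `--zone` is involved; the sample input is constructed from four of the rules in post #50, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run rollback for firewalld direct rules.

# Constructed sample: four of the rules from post #50, written the way
# `firewall-cmd --permanent --direct --get-all-rules` lists them.
SAMPLE_RULES='ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
ipv4 filter OUTPUT 1 -p udp -m udp --dport 443 -j ACCEPT
ipv4 filter OUTPUT 999 -j DROP
ipv6 filter OUTPUT 0 -j DROP'

# Read rule lines on stdin; print the matching --remove-rule command for each,
# then the reload that applies the permanent configuration to the runtime.
rollback_cmds() {
    while IFS= read -r rule; do
        case "$rule" in
            ipv4\ *|ipv6\ *|eb\ *)
                printf 'firewall-cmd --permanent --direct --remove-rule %s\n' "$rule" ;;
            '') ;;
            *)  printf '# skipped unrecognised line: %s\n' "$rule" ;;
        esac
    done
    printf 'firewall-cmd --reload\n'
}

# Print "<family> <chain>" for every rule whose only argument is "-j DROP" or
# "-j REJECT": in those chains, traffic not accepted by a rule with a lower
# priority number is dropped.
catch_all_drops() {
    awk 'NF == 6 && $5 == "-j" && ($6 == "DROP" || $6 == "REJECT") { print $1, $3 }'
}

# --live reads the real permanent direct rules (needs firewalld); the default
# uses the constructed sample. Nothing is changed either way: commands are printed.
if [ "${1:-}" = "--live" ]; then
    rules=$(firewall-cmd --permanent --direct --get-all-rules)
else
    rules=$SAMPLE_RULES
fi
echo "# chains with a catch-all drop:"
printf '%s\n' "$rules" | catch_all_drops | sed 's/^/#   /'
printf '%s\n' "$rules" | rollback_cmds
```

Review the printed commands before running them with sudo; the final reload is what carries the cleaned permanent configuration into the running firewall.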
