The solution that you gave in your last reply, involving the use of a script, seems to be more complicated.
It seems that the firewall approach is much easier. I got the following link, which involves an approach that we can modify & make simpler. Please look at this & read it carefully:
For simplification & discussion I will rewrite it, concentrating on some points in CAPS:
Now we are going to block all traffic on the computer.
Step 1) sudo ufw default deny outgoing
Do this for incoming also
Step 2) sudo ufw default deny incoming
Okay. Now we want to make it so there is an exception for VPN. If you are using OpenVPN and TUN as network adapter (you most probably are) then we call the network interface as tun0.
Allow outgoing traffic on tun0
Step 3) sudo ufw allow out on tun0 from any to any
Now, security-wise, you don't need to allow incoming traffic to use the Internet. But you may want or require it (for example, for seeding torrents this is necessary). So add it if you want.
Step 4 "optional") sudo ufw allow in on tun0 from any to any
Okay. So now ALL TRAFFIC IS ALLOWED ON VPN AND NO TRAFFIC IS ALLOWED WITHOUT VPN. But it's really annoying to TURN FIREWALL ON AND OFF EACH TIME WE WANT TO CONNECT TO A VPN so we'll add an exception for establishing the initial connection to the VPN server.
From the above selection it seems that only the first 3 (or first 4) steps are necessary on Fedora because THE FIREWALL IS ENABLED BY DEFAULT ON FEDORA. Also, most Fedora users prefer keeping the firewall turned on because they are more concerned about security. For me, I selected Fedora over openSUSE when Debian did not satisfy the hardware of my laptop, because Fedora is by default more secure than openSUSE (though Fedora is less stable). Moreover, on openSUSE I can turn on my dedicated VGA while until now it is off on Fedora, but I stick with Fedora for being more secure by default than openSUSE. I think most other Fedora users are of the same mind. For that reason there is no need to turn the firewall on/off every time we use the VPN, so no need to be concerned about the steps that I did not include in my cut above.
All we need are:
1) perform the command corresponding to "sudo ufw default deny outgoing"
2) perform the command corresponding to "sudo ufw default deny incoming"
3) perform the command corresponding to "sudo ufw allow out on tun0 from any to any"
4) now (after all the steps above) we should connect to the VPN either from the terminal or from network manager
5) after finishing your VPN session, you will close the VPN, then:
6) you now (after closing the VPN) need to reverse step 1 & step 2 to the original state that was there before (which should be allow outgoing / allow incoming - or allow outgoing / deny incoming according to your preference)
7) when you would like to reconnect to the VPN (enjoy another VPN session), then ALL you need is JUST STEP 1 & 2, then reconnect to the VPN from the terminal or network manager.
Regarding point 7 just mentioned above, I suppose that step 3 "sudo ufw allow out on tun0 from any to any" will remain active & valid however we change the default settings in step 1 & step 2, ISN'T IT? Please answer this: will step 3 "sudo ufw allow out on tun0 from any to any" remain valid, so that we need not repeat step 3, or will it be broken, so that we should repeat it every time before connecting to the VPN?
Now we need the Fedora commands that correspond to the following Debian/Ubuntu commands:
sudo ufw default deny outgoing
sudo ufw default deny incoming
sudo ufw allow out on tun0 from any to any
sudo ufw allow in on tun0 from any to any
Also, it will be very nice if expert members make screenshots showing how to achieve all of the above from the firewall GUI.
If all of the above is correct & achieved, then I think that the moderators of the forum should fix this thread to be used as a reference, since there is the following statement from the link below:
"For killswitch again shouldn't use a client. If your client crashes your killswitch is dead. Instead you have a much more reliable method. Set up a firewall level system wide killswitch. By using iptables (or my preference UFW which is an easy to use front end to iptables) then you are interacting with netfilter (the firewall built into the Linux kernel). As such you can not have a superior failsafe than this as it then becomes a failsafe built directly into the Linux kernel (the foundation of your entire operating system)."
Moderators & expert members, please give this thread more attention.
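
An added example, not part of the original post or the linked guide: a small check that reads the text of `sudo ufw status verbose` and reports whether the kill switch from steps 1-3 is actually in force. The function name `killswitch_state` and both sample outputs are constructed for illustration; the second sample models step 6, where the tun0 rule is still listed (ufw keeps rules separately from the default policy) but the defaults no longer deny.

```shell
#!/bin/sh
# Added example: classify kill-switch state from `sudo ufw status verbose` text.
# Reads the status text on stdin, prints one word:
#   armed    - both defaults are deny and an ALLOW OUT rule on the tunnel exists
#   blocked  - both defaults are deny but no tunnel rule: nothing can leave
#   open     - a default is not deny (the state after reverting steps 1 and 2)
#   inactive - ufw is not enabled
killswitch_state() {
    iface="${1:-tun0}"   # tunnel interface; tun0 as in the post
    awk -v ifc="$iface" '
        /^Status: active/ { active = 1 }
        /^Default:/ {
            if ($0 ~ /deny \(incoming\)/) din = 1
            if ($0 ~ /deny \(outgoing\)/) dout = 1
        }
        /ALLOW OUT/ && $0 ~ ("on " ifc "( |$)") { rule = 1 }
        END {
            if (!active)            print "inactive"
            else if (!din || !dout) print "open"
            else if (!rule)         print "blocked"
            else                    print "armed"
        }'
}

# Constructed sample: state after steps 1-3.
SAMPLE_ARMED='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW OUT   Anywhere on tun0'

# Constructed sample: state after step 6 (defaults reverted, rule still listed).
SAMPLE_REVERTED='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW OUT   Anywhere on tun0'

printf '%s\n' "$SAMPLE_ARMED"    | killswitch_state   # constructed input
printf '%s\n' "$SAMPLE_REVERTED" | killswitch_state
# On a real system: sudo ufw status verbose | killswitch_state tun0
```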