Hi. I'm a new user of Linux. I'm on Linux Fedora 24 x64, Cinnamon edition.
I opened a thread in the Fedora help forum about how to achieve an Internet kill switch. Please look at the discussion in it at the following link:
http://www.forums.fedoraforum.org/showthread.php?t=311476
My user name in Fedora help forum is User808 also.
As you can see from the thread, I'm not able to use command-line iptables because it is difficult. I tried my best but I cannot.
I have an idea to achieve an Internet kill switch from the GUI of firewalld and am not sure if it is correct or not. It seems that it is correct, or correct with a need for minor additions. My idea is this:
After downloading the VPN configuration files and setting up the VPN from network manager, we do the following:
1) Open the GUI of firewalld, then change the default zone to drop.
2) Open the GUI of the VPN from network manager and, before connecting to the VPN, change (from the GUI of the VPN within network manager) the firewall zone setting of the VPN to either trusted or home.
3) Connect to the VPN.
4) After the end of the VPN session, I have to disconnect from the VPN, then reopen the GUI of firewalld to change the default zone back to public so as to restore the normal Internet connection. Then restore the zone setting of the VPN, from the GUI of the VPN in network manager, to the default zone.
Is this a valid way?
Hello,
On 09/19/2016 08:55 PM, yousifjkadom@yahoo.com wrote:
> Hi. I'm a new user of Linux. I'm on Linux Fedora 24 x64, Cinnamon edition.
> I opened a thread in the Fedora help forum about how to achieve an Internet kill switch. Please look at the discussion in it at the following link:
> http://www.forums.fedoraforum.org/showthread.php?t=311476
> My user name in Fedora help forum is User808 also.
> As you can see from the thread, I'm not able to use command-line iptables because it is difficult. I tried my best but I cannot.
> I have an idea to achieve an Internet kill switch from the GUI of firewalld and am not sure if it is correct or not. It seems that it is correct, or correct with a need for minor additions. My idea is this:
> After downloading the VPN configuration files and setting up the VPN from network manager, we do the following:
> 1) Open the GUI of firewalld, then change the default zone to drop.
> 2) Open the GUI of the VPN from network manager and, before connecting to the VPN, change (from the GUI of the VPN within network manager) the firewall zone setting of the VPN to either trusted or home.
> 3) Connect to the VPN.
> 4) After the end of the VPN session, I have to disconnect from the VPN, then reopen the GUI of firewalld to change the default zone back to public so as to restore the normal Internet connection. Then restore the zone setting of the VPN, from the GUI of the VPN in network manager, to the default zone.
> Is this a valid way?
The drop zone is not limiting outgoing traffic. Therefore I do not think that using the drop zone will help here. Output filtering in zones is planned for one of the next releases. With this it should then be possible to add the needed rules for the kill switch easily.
The panic mode will not let any packets through - incoming and outgoing.
The only way that I see to add the rules for the KillSwitch is with the direct interface tracked pass-through rules. If the rules are added to the top of the chains, then it should be possible to keep the other rule set as it is. But it is then necessary to make sure that the last line added in the block drops all traffic that shall not pass.
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
Regards, Thomas
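The rule block described in the reply above, sketched as an added example that is not part of the original thread or of firewalld itself: tracked passthrough rules inserted at the top of `OUTPUT`, ending in a drop. The interface name `tun0`, the server address, protocol and port, and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: kill-switch block as firewalld tracked passthrough rules.
# Constructed placeholders (assumptions, not from the thread):
VPN_IF="${VPN_IF:-tun0}"                  # assumed OpenVPN tunnel interface
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"  # documentation-range server address
VPN_PROTO="${VPN_PROTO:-udp}"
VPN_PORT="${VPN_PORT:-1194}"

# Print one firewall-cmd call. $1 = add|remove, $2 = ipv4|ipv6,
# remaining arguments = the iptables arguments firewalld will track.
pt() {
    op="$1"; fam="$2"; shift 2
    echo "firewall-cmd --direct --${op}-passthrough ${fam} $*"
}

# Emit the whole block. Every rule is inserted (-I) at an explicit position
# at the top of OUTPUT, so the existing rule set below it is left untouched
# and the final rule of each block drops everything that was not allowed.
killswitch_rules() {
    op="${1:-add}"
    pt "$op" ipv4 -I OUTPUT 1 -o lo -j ACCEPT
    pt "$op" ipv4 -I OUTPUT 2 -o "$VPN_IF" -j ACCEPT
    # The encrypted tunnel packets themselves must still reach the server.
    pt "$op" ipv4 -I OUTPUT 3 -d "$VPN_SERVER" -p "$VPN_PROTO" \
        --dport "$VPN_PORT" -j ACCEPT
    pt "$op" ipv4 -I OUTPUT 4 -j DROP
    # IPv6 gets its own block so traffic cannot leave outside the tunnel.
    pt "$op" ipv6 -I OUTPUT 1 -o lo -j ACCEPT
    pt "$op" ipv6 -I OUTPUT 2 -o "$VPN_IF" -j ACCEPT
    pt "$op" ipv6 -I OUTPUT 3 -j DROP
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
killswitch() {
    if [ "${APPLY:-0}" = 1 ]; then
        killswitch_rules "$1" | sh -e
    else
        killswitch_rules "$1"
    fi
}

# Usage: sh killswitch.sh add | sh killswitch.sh remove
case "${1:-}" in
    add|remove) killswitch "$1" ;;
esac
```

Without `--permanent` these rules are runtime-only and disappear on a firewalld reload or restart.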
Hi. Thank you very much for your kind response.
You cooled my hot heart when you commented "Output filtering in zones is planned for one of the next releases. With this it should then be possible to add the needed rules for the kill switch easily"
I will wait for the new release. Thank you very much again for this hard work!
I would like to ask about the following:
1) At which approximate time will the next release be available?
2) In preparation for that time, can you inform me which zone is best to set OpenVPN to? Public, home or trusted?
Best
Hi,
On 09/21/2016 08:14 PM, Yousif Kadom wrote:
> Hi. Thank you very much for your kind response.
You are welcome.
> You cooled my hot heart when you commented "Output filtering in zones is planned for one of the next releases. With this it should then be possible to add the needed rules for the kill switch easily"
> I will wait for the new release. Thank you very much again for this hard work!
> I would like to ask about the following:
> - At which approximate time will the next release be available?
> - In preparation for that time, can you inform me which zone is best to set OpenVPN to? Public, home or trusted?
I am still in the planning phase for the next releases with the new requests in mind. Hopefully I will be able to do the planning this week. At the moment there are still some documentation tasks I need to take care of before I can go on.
> Best
Regards, Thomas