Clueless newbie here. If someone can tell me how to set firewalld as a kill switch for openvpn I would really appreciate it.
firewalld can be controlled either from a graphical interface or a command line interface. One must know what zone is active (try firewall-cmd --get-active-zones) to understand what zone is currently in use. To unset an active service (such as openvpn, which is predefined) one could use the command line as root to enter:

firewall-cmd --zone='THE_ZONE_THAT_SHOWED_AS_ACTIVE' --remove-service=openvpn

This changes the firewall that is currently running only, not the configured setup, which is changed by adding --permanent between firewall-cmd and the --zone= entries. Note that current connection states are not affected. A reboot will restore the original (as changed by any firewall-cmd --permanent commands that have run in the session).

Note that the man firewall-cmd page is quite capable but does require a basic understanding of netfilter (iptables). The graphical interface is more understandable.
Amicalement, Dave
--
Maple Park Development
Linux Systems Integration
1224 DuBois St. Louis MO 63122-5518 USA
Tel : 01-314-941-2496 Fax : 01-866-542-7647
http://www.maplepark.com/ mapleparkdevelopment@gmail.com
If IP addresses weighed one gram each: IPv4 = half the Empire State Building IPv6 = 56 billion earths
I use Linux and I wouldn't touch Outlook even if I were using a Hazmat suit and an isolation lab kit.
On Sat, Sep 10, 2016 at 1:50 PM, Jake Trader longid@fedoraproject.org wrote:
> Clueless newbie here. If someone can tell me how to set firewalld as a kill switch for openvpn I would really appreciate it.
_______________________________________________
firewalld-users mailing list
firewalld-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedorahosted.org
Thank you for the reply, David. My goal here is to prevent any leakage should there be an unexpected disconnection in openvpn. I hear you can solve this by configuring the firewall to kill all traffic when openvpn fails.

So far all I've done is to type, from the public zone (default):

# firewall-cmd --add-service openvpn
# firewall-cmd --permanent --add-service openvpn
# firewall-cmd --add-masquerade
# firewall-cmd --permanent --add-masquerade
# reboot

Should I have done the above in the drop zone??? I am clueless as to what I'm doing. lol Help please.
Assuming the public zone is the only active zone, IMO that should be sufficient. The permanent firewall is what is restored (brought up) when boot-up occurs, so you could --remove-service openvpn in the run-time instance if you note a problem in openvpn, and run firewall-cmd --complete-reload (disconnects any hanging connections) to allow the permanent firewall to take effect when the problem is fixed (or maybe just reboot).

The drop zone drops everything anyway and appears not to be active, so it doesn't act in this scope.
Amicalement, Dave -- Maple Park Development Linux Systems Integration http://www.maplepark.com/
On Sun, Sep 11, 2016 at 9:38 PM, Jake Trader longid@fedoraproject.org wrote:
> Thank you for the reply, David. My goal here is to prevent any leakage should there be an unexpected disconnection in openvpn. I hear you can solve this by configuring the firewall to kill all traffic when openvpn fails.
>
> So far all I've done is to type, from the public zone (default):
>
> # firewall-cmd --add-service openvpn
> # firewall-cmd --permanent --add-service openvpn
> # firewall-cmd --add-masquerade
> # firewall-cmd --permanent --add-masquerade
> # reboot
>
> Should I have done the above in the drop zone??? I am clueless as to what I'm doing. lol Help please.
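A note on the two replies above, and an added example that is not from anyone in this thread. The zone commands discussed (--add-service openvpn, --add-masquerade) only govern what the host accepts and forwards; a firewalld zone does not filter what the host itself sends out, so removing the openvpn service after a disconnect does not stop traffic from leaving over the physical interface. A kill switch needs rules in the OUTPUT chain, which firewall-cmd exposes through --direct. The script below generates and applies such a rule set, once for the running firewall and once with --permanent so that it survives the reboot Dave describes. The VPN server 203.0.113.10, port 1194/udp and the tunnel interface tun0 are constructed values for the example; substitute your own.

```shell
#!/bin/sh
# Added example, not part of the firewalld-users thread: an outbound
# "kill switch" for OpenVPN built from firewalld --direct rules.
# Assumed (constructed) values: VPN server 203.0.113.10 udp/1194, tunnel tun0.
set -eu

# The VPN server must be given as a dotted-quad IP, not a hostname: once the
# DROP rule is active, DNS is only reachable through the tunnel.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the firewall-cmd invocations for the kill switch.
#   $1 VPN server IP   $2 VPN port   $3 proto (udp|tcp)   $4 tunnel interface
#   $5 "permanent" to emit the saved configuration instead of the runtime one
ks_rules() {
    vpn_ip=$1 vpn_port=$2 proto=$3 tun=$4 mode=${5:-runtime}
    is_ipv4 "$vpn_ip" || { echo "ks_rules: '$vpn_ip' is not an IPv4 address" >&2; return 1; }
    case $proto in
        udp|tcp) ;;
        *) echo "ks_rules: proto must be udp or tcp" >&2; return 1 ;;
    esac
    perm=""
    [ "$mode" = permanent ] && perm="--permanent "
    fc="firewall-cmd ${perm}--direct --add-rule"
    # Priority 0: loopback and the tunnel itself are always allowed (v4 and v6).
    echo "$fc ipv4 filter OUTPUT 0 -o lo -j ACCEPT"
    echo "$fc ipv4 filter OUTPUT 0 -o $tun -j ACCEPT"
    echo "$fc ipv6 filter OUTPUT 0 -o lo -j ACCEPT"
    echo "$fc ipv6 filter OUTPUT 0 -o $tun -j ACCEPT"
    # Priority 1: only the VPN handshake, plus DHCP renewals, may leave in clear.
    echo "$fc ipv4 filter OUTPUT 1 -p $proto -d $vpn_ip --dport $vpn_port -j ACCEPT"
    echo "$fc ipv4 filter OUTPUT 1 -p udp --dport 67 -j ACCEPT"
    # Priority 2: everything else is dropped. When openvpn dies and tun0
    # disappears, nothing can fall back to the physical interface.
    echo "$fc ipv4 filter OUTPUT 2 -j DROP"
    echo "$fc ipv6 filter OUTPUT 2 -j DROP"
}

# Apply to the running firewall, save to the permanent configuration,
# then show what is actually active so the result can be checked.
ks_apply() {
    ks_rules "$@" runtime   | sh -e
    ks_rules "$@" permanent | sh -e
    firewall-cmd --direct --get-all-rules
}

# Usage (as root):  ./vpn-killswitch.sh apply 203.0.113.10 1194 udp tun0
# Print only:       ./vpn-killswitch.sh show  203.0.113.10 1194 udp tun0
case ${1:-} in
    apply) shift; ks_apply "$@" ;;
    show)  shift; ks_rules "$@" ;;
esac
```

On the ordering question: apply the rules first, then start openvpn. The handshake to the server IP is explicitly allowed, so the tunnel can still come up, and from then on only tun0 carries traffic. Because the permanent rules are restored at boot, the host stays cut off until openvpn connects, which is the intended behaviour of a kill switch. Two caveats a practitioner should expect: the remote line in the .ovpn file has to match the IP used here (resolve it beforehand if it is a hostname), and the DROP rule also blocks replies to connections that arrive on the LAN, such as incoming ssh, which need an extra ACCEPT rule if you rely on them. To undo a rule, repeat it with --remove-rule in place of --add-rule (with and without --permanent), then firewall-cmd --reload. Newer firewalld releases (1.0 and later) deprecate the --direct interface in favour of policy objects, but the rules above still load.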
Hi. I did not understand; please can you explain more how to set up such an Internet kill switch?

Please note that I connect to the VPN from the terminal, not via NetworkManager.

So, please can you explain the following:

1) What do I have to do first: connect to the VPN from the terminal, then open a new terminal and enter the commands in it, or do I first have to enter the commands and then connect to the VPN? I mean, which should I do first: connect to the VPN or run the given firewalld commands?

2) Regarding the firewalld commands, I did not understand:

# firewall-cmd --add-service openvpn
then repeat the same command but with --permanent!!
# firewall-cmd --permanent --add-service openvpn

# firewall-cmd --add-masquerade
then repeat the same command but with --permanent!!
# firewall-cmd --permanent --add-masquerade

Please explain this. What should I do, step by step, in sequence?