Gist: harmancode/78abfaa3b76e25bb5c60b0ed00086f8a
Force Traffic Through a VPN via UFW (uncomplicated firewall)
#!/bin/bash
# Check root once here so the individual ufw calls don't need sudo.
if [[ $EUID -ne 0 ]]; then
    echo "Got root?"
    exit 1
fi

# VPN's listening port:
vpnPORT=1194
# Interface (usually tun0 or tap0)
vpnITF=tun0

# Flush our current chains (only if you manage iptables by hand; ufw reset below covers the ufw-managed chains):
# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
# iptables -X

# Make sure UFW doesn't break anything.
# --force answers the interactive "Proceed with operation (y|n)?" prompt so the script runs unattended.
ufw --force reset

# UFW defaults: deny everything in every direction, then open only what the tunnel needs.
# "routed" is ufw's keyword for forwarded traffic ("forward" is not accepted).
ufw default deny incoming
ufw default deny outgoing
ufw default deny routed

# DNS queries must pass so the VPN server's hostname can be resolved before the tunnel is up.
# Note: this also permits DNS outside the tunnel afterwards; pin it to your VPN provider's
# resolver (ufw allow out to <resolver-ip> port 53) if DNS leaks are a concern.
ufw allow out 53
# The VPN control channel itself has to leave on the physical interface.
ufw allow out $vpnPORT

# Allow out on the virtual NIC: everything inside the tunnel is permitted.
ufw allow out on $vpnITF

# Note: If there are any private subnets you need to
# reach while you are connected to the VPN, add them here:
# ufw allow out on eth0 to 192.168.1.0/24

# Ensure access to all private networks.
# You may want to restrict these to certain subnets, up to you.
ufw allow out to 192.168.0.0/16
ufw allow out to 172.16.0.0/12
ufw allow out to 10.0.0.0/8

# Allow IPv4 multicast
ufw allow out to 224.0.0.0/24
ufw allow out to 239.0.0.0/8

# Allow local IPv6
ufw allow out to ff01::/16

# Turn all rules on (--force skips the "may disrupt existing ssh connections" prompt).
ufw --force enable
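Once the script above has run, the kill switch only holds if the default policies are all deny and every ALLOW OUT rule is one of the intended holes (the VPN port, DNS, the tunnel interface, private and multicast ranges). The following audit script is an added example, not part of the gist: it parses a `ufw status verbose` snapshot and lists any outbound rule that would let traffic bypass the tunnel. The interface name, port and the sample status text are assumptions (the gist's values plus a constructed stray rule on eth0); pass `--live` to audit the running firewall instead of the sample.

```shell
#!/bin/sh
# Added example (not from the original gist): audit a ufw ruleset for VPN kill-switch leaks.
# Assumed values, matching the gist: tunnel interface tun0, VPN port 1194.
VPN_ITF="${VPN_ITF:-tun0}"
VPN_PORT="${VPN_PORT:-1194}"

# Constructed sample of `ufw status verbose` output after the gist's script ran,
# plus one stray rule ("443 on eth0") that a later edit might have added.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW OUT   Anywhere
1194                       ALLOW OUT   Anywhere
Anywhere on tun0           ALLOW OUT   Anywhere
192.168.0.0/16             ALLOW OUT   Anywhere
172.16.0.0/12              ALLOW OUT   Anywhere
10.0.0.0/8                 ALLOW OUT   Anywhere
224.0.0.0/24               ALLOW OUT   Anywhere
239.0.0.0/8                ALLOW OUT   Anywhere
443 on eth0                ALLOW OUT   Anywhere
ff01::/16                  ALLOW OUT   Anywhere (v6)'

# Same sample without the stray rule: what a correct deployment should look like.
CLEAN_STATUS=$(printf '%s\n' "$SAMPLE_STATUS" | grep -v '^443 on eth0')

# Print "ok" when all three default policies are deny, "fail" otherwise.
check_defaults() {
    if printf '%s\n' "$1" | grep -q '^Default: deny (incoming), deny (outgoing), deny (routed)'; then
        echo ok
    else
        echo fail
    fi
}

# Return 0 if the "To" field of an ALLOW OUT rule is one of the intended holes.
is_allowed_dest() {
    case "$1" in
        "$VPN_PORT"|"$VPN_PORT (v6)"|"$VPN_PORT/udp"|"$VPN_PORT/tcp") return 0 ;;  # VPN control channel
        53|"53 (v6)"|53/udp|53/tcp) return 0 ;;                                     # DNS to resolve the endpoint
        "Anywhere on $VPN_ITF"|"Anywhere (v6) on $VPN_ITF") return 0 ;;            # everything inside the tunnel
        10.*|172.16.0.0/12|192.168.*) return 0 ;;                                   # RFC1918 ranges from the gist
        224.0.0.0/24|239.0.0.0/8|ff01::/16) return 0 ;;                             # multicast from the gist
    esac
    return 1
}

# Print the "To" field of every ALLOW OUT rule that is not an intended hole.
find_leaks() {
    printf '%s\n' "$1" | grep 'ALLOW OUT' | sed 's/[[:space:]]*ALLOW OUT.*$//' |
    while IFS= read -r dest; do
        is_allowed_dest "$dest" || printf '%s\n' "$dest"
    done
}

# Combined audit: returns 0 only when defaults are deny/deny/deny and no leak rule exists.
audit_status() {
    rc=0
    [ "$(check_defaults "$1")" = ok ] || { echo "default policy is not deny/deny/deny"; rc=1; }
    leaks=$(find_leaks "$1")
    if [ -n "$leaks" ]; then
        printf 'ALLOW OUT rule(s) bypassing %s:\n%s\n' "$VPN_ITF" "$leaks"
        rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    STATUS=$(ufw status verbose)   # needs root
else
    STATUS="$SAMPLE_STATUS"
fi
if audit_status "$STATUS"; then
    echo "PASS: no outbound path around $VPN_ITF"
else
    echo "FAIL: kill switch is not airtight"
fi
```

Run against the built-in sample it reports the stray `443 on eth0` rule and fails; with `--live` it audits the running firewall. The allow-list in `is_allowed_dest` is deliberately exact, so any new rule has to be justified there before the audit passes, which is the behaviour you want from a kill-switch check.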