I want to make a killswitch, but with rules that accept ONLY on set ports and destination/source IPs and (it's very important for me) ONLY for a group (openvpngroup).
That's working for me only if I don't add '--gid-owner'. Is there any way to run openvpn as a group? For example, 100.100.100.100 is the IP of the server.
Code:
sudo iptables --flush
sudo iptables --delete-chain
sudo iptables -t nat --flush
sudo iptables -t nat --delete-chain
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP
# loopback needs an INPUT rule as well, otherwise local replies hit the INPUT DROP policy
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.1.0/24 -o enp4s0 -j ACCEPT
sudo iptables -A INPUT -s 192.168.1.0/24 -i enp4s0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the owner match is only valid in OUTPUT (and POSTROUTING); iptables rejects it on INPUT
sudo iptables -A OUTPUT -d 100.100.100.100 -o enp4s0 -p tcp --dport 443 -m owner --gid-owner openvpngroup -j ACCEPT
# replies come FROM the server's port 443, so match --sport here, not --dport
sudo iptables -A INPUT -s 100.100.100.100 -i enp4s0 -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i tun0 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -j ACCEPT
Run openvpn:
Code:
sudo openvpn --group openvpngroup --daemon --config "$VPNFOLDER/$ovpn" --auth-user-pass "$PASSWORDFILE"
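The reason `--gid-owner` never matches in the setup above is that the owner match reads the credentials recorded on the socket's file when the socket was created, and OpenVPN's `--group` only drops to openvpngroup after it has already opened that socket, so the socket stays root-owned as far as xt_owner is concerned. The script below is an added example (not the poster's script) that starts openvpn with openvpngroup as its primary group from exec (`sudo -u root -g`), so every socket it creates carries that group, and builds the ruleset with the owner match only on OUTPUT, where it is valid. Assumed values, taken from the post but not verified: server 100.100.100.100, TCP port 443, LAN interface enp4s0, LAN 192.168.1.0/24, tunnel tun0; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not the original poster's script. Builds an OpenVPN
# killswitch whose owner match sits only on OUTPUT (the only place xt_owner
# can match besides POSTROUTING) and starts openvpn with the group set
# before exec, so the socket's recorded credentials carry that group.
# Assumed values (from the post, not verified): server 100.100.100.100,
# TCP port 443, LAN interface enp4s0, LAN 192.168.1.0/24, tunnel tun0.

# ks_rules SERVER PORT IFACE GROUP [LAN]: print the ruleset, one command per line.
ks_rules() {
    srv=$1; port=$2; ifc=$3; grp=$4; lan=${5:-192.168.1.0/24}
    cat <<EOF
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $ifc -d $lan -j ACCEPT
iptables -A INPUT -i $ifc -s $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $ifc -d $srv -p tcp --dport $port -m owner --gid-owner $grp -j ACCEPT
iptables -A INPUT -i $ifc -s $srv -p tcp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
EOF
}

# ks_owner_chains SERVER PORT IFACE GROUP: chains that carry an owner match.
# Sanity check before applying: must print exactly "OUTPUT".
ks_owner_chains() {
    ks_rules "$@" | awk '/-m owner/ { print $3 }' | sort -u
}

# ks_apply SERVER PORT IFACE GROUP [LAN]: load the ruleset as root, stopping
# at the first rule iptables rejects (sh -e), so a half-loaded ruleset is obvious.
ks_apply() {
    [ "$(ks_owner_chains "$@")" = OUTPUT ] || { echo "owner match outside OUTPUT" >&2; return 1; }
    ks_rules "$@" | sudo sh -e
}

# ks_start GROUP CONFIG [AUTHFILE]: run openvpn as root but with GROUP as the
# primary group from exec (sudo -g alone would run as the invoking user, hence
# -u root). --group is kept so openvpn still drops its own privileges after setup.
ks_start() {
    grp=$1; cfg=$2; auth=$3
    if [ -n "$auth" ]; then
        sudo -u root -g "$grp" openvpn --group "$grp" --daemon --config "$cfg" --auth-user-pass "$auth"
    else
        sudo -u root -g "$grp" openvpn --group "$grp" --daemon --config "$cfg"
    fi
}

# Usage: ./killswitch.sh print|apply 100.100.100.100 443 enp4s0 openvpngroup
#        ./killswitch.sh start openvpngroup /path/to/client.ovpn /path/to/auth.txt
case ${1-} in
    print) shift; ks_rules "$@" ;;
    apply) shift; ks_apply "$@" ;;
    start) shift; ks_start "$@" ;;
esac
```

Check it took effect with `sudo iptables -S OUTPUT` (the only `--gid-owner` line should be the OUTPUT rule) and by watching the OUTPUT rule's packet counter in `sudo iptables -nvL OUTPUT` climb once the tunnel is up; if the counter stays at zero while openvpn connects, the socket is not owned by the group and the launch command, not the rule, is what needs fixing.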