Kill Switch using the Uncomplicated Firewall (UFW)
This guide shows you how to set up a firewall (similar to a ‘kill switch’) using UFW, so that no packets leak outside the tunnel if the VPN connection fails for any reason.
-
Start by installing UFW:
# sudo apt-get update
# sudo apt-get install ufw
-
Enable UFW:
# sudo ufw enable
-
Block all outgoing traffic:
# sudo ufw default deny outgoing
…and all incoming traffic:
# sudo ufw default deny incoming
-
Allow traffic through the VPN tunnel interface (tun0), in both directions:
# sudo ufw allow out on tun0 from any to any
# sudo ufw allow in on tun0 from any to any
-
Choose the IVPN server you will be connecting to and make an exception for it in UFW.
Let’s assume you choose the Germany server. Navigate to the Server Status page, find its domain name and resolve it:
# nslookup de1.gw.ivpn.net
The output lists the IP addresses, which you need to specify in the UFW exception rule (repeat the rule for each address returned):
# sudo ufw allow out from any to resolved.ip.address.here
If you do not have, or do not wish to use, a DNS server such as a public one or the one provided by your ISP, update your hosts file so the server name resolves without DNS (skip this step otherwise):
# echo "resolved.ip.address.here de1.gw.ivpn.net" | sudo tee -a /etc/hosts
-
You’re done! In case you need to reset those rules and start anew:
# sudo ufw reset
You can additionally disable IPv6:
# echo 'net.ipv6.conf.all.disable_ipv6=1' | sudo tee -a /etc/sysctl.conf
# echo 'net.ipv6.conf.default.disable_ipv6=1' | sudo tee -a /etc/sysctl.conf
# echo 'net.ipv6.conf.lo.disable_ipv6=1' | sudo tee -a /etc/sysctl.conf
# sudo sysctl -p
To reverse those changes, edit /etc/sysctl.conf and delete those lines.
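The steps above, collected into a script as an added example (this is not IVPN's own tooling). It prints the UFW commands the guide issues after `ufw enable` for a given tunnel interface and set of resolved server addresses, resolves the server name through the system resolver (so an /etc/hosts entry added in the last step is honoured), and checks a `ufw status verbose` dump for the two default-deny policies plus the tunnel allow rules, which is how you confirm the kill switch is actually in place. It assumes tun0 and de1.gw.ivpn.net as in the guide; the function names, the --apply and --dry-run flags, the SERVER variable and the sample status text (with placeholder IP 198.51.100.10) are constructed for this example.

```shell
#!/bin/sh
# Added example, not IVPN's own tooling: builds the UFW kill-switch rule set
# from the guide and verifies it against `ufw status verbose` output.
# Assumptions: tun0 is the tunnel interface and de1.gw.ivpn.net the server;
# function names, flags and the sample status text are constructed here.
set -eu

# Print, one per line, the ufw commands the guide issues after `ufw enable`
# for tunnel interface $1 and the resolved server IPs in the remaining
# arguments. Nothing is executed by this function.
killswitch_rules() {
    iface="$1"; shift
    printf '%s\n' "ufw default deny outgoing" \
                  "ufw default deny incoming" \
                  "ufw allow out on $iface from any to any" \
                  "ufw allow in on $iface from any to any"
    for ip in "$@"; do
        printf '%s\n' "ufw allow out from any to $ip"
    done
}

# Resolve a hostname to its IPv4 addresses via the system resolver (getent),
# which also returns entries added to /etc/hosts.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Check a `ufw status verbose` dump ($1) for the kill switch on interface $2:
# both default policies must be deny and the tunnel must be allowed in both
# directions. Returns 0 when all three hold, 1 otherwise.
verify_status() {
    status="$1"; iface="$2"
    printf '%s\n' "$status" | grep -qF "Default: deny (incoming), deny (outgoing)" || return 1
    printf '%s\n' "$status" | grep -qE "^Anywhere on $iface +ALLOW IN +Anywhere" || return 1
    printf '%s\n' "$status" | grep -qE "^Anywhere +ALLOW OUT +Anywhere on $iface" || return 1
    return 0
}

# Constructed sample of `sudo ufw status verbose` once the guide's rules are
# in place (column layout mirrors ufw's; the server IP is a placeholder).
SAMPLE_OK='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere on tun0           ALLOW IN    Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
198.51.100.10              ALLOW OUT   Anywhere'

# Constructed sample of a host where `ufw default deny outgoing` was skipped:
# traffic would leak if the tunnel dropped, so verify_status must reject it.
SAMPLE_LEAKY='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
Anywhere on tun0           ALLOW IN    Anywhere'

# Resolve the server and either apply the rules (--apply, needs sudo) or
# print what would run (--dry-run). SERVER overrides the default hostname.
main() {
    server="${SERVER:-de1.gw.ivpn.net}"
    ips=$(resolve_v4 "$server") || { echo "cannot resolve $server" >&2; return 1; }
    # $ips is deliberately unquoted: one address per word.
    killswitch_rules tun0 $ips | while IFS= read -r cmd; do
        if [ "$1" = "--apply" ]; then sudo $cmd; else echo "would run: sudo $cmd"; fi
    done
}

case "${1:-}" in
    --apply|--dry-run) main "$1" ;;
esac
```

After applying the rules for real, run `sudo ufw status verbose` and feed the output to `verify_status`; it returns non-zero if either default policy is still allow or the tunnel rules are missing, which is exactly the state in which a dropped VPN would leak packets.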