Sorry to reopen an old post…
I am using the NordVPN app so as to utilise the WireGuard connection type (the speed difference compared with ovpn being the sole reason).
I am essentially looking for either an iptables rule such as that above, or a simple script to kill a service and therefore create a de facto killswitch for deluged.
I am a Linux noob, apologies.
When I add the iptables rules above (changing tun0 to nordlynx, as that is the network interface name) it kills all connectivity (local and WAN); I can’t even ping my router.
I note that the nordlynx interface shows ‘UNKNOWN’ state, not up or down, but only exists as an interface when the connection is up.
So essentially I want to either run a script to kill my deluged service if the ‘nordlynx’ interface does not exist, or a persistent iptables rule that will only allow WAN traffic when the nordlynx interface exists.
I had toyed with the idea of a script that only allows deluged to run when the NordVPN service is running, but the service runs even when the actual connection has been dropped.
I’ve seen another thread in here that uses a cron job to ping a specific interface, but tbh it was all a bit over my head!
Apologies again, I’m sure I’ve not explained this sufficiently well or provided specific enough information.
In summary, I would like to achieve:
- LAN access for samba/ssh at all times (regardless of VPN state)
- WAN access only when the network interface ‘nordlynx’ exists
I’m not too concerned about having to manually restart everything if the nordlynx interface is lost; my primary concern is not to end up with deluged accessing eth0 and revealing my IP. Obviously, if everything could be set up to come back online automatically then that would be great.
I have also read that the DietPi WireGuard has a built-in killswitch, but I understand that I would need to manually configure access via WireGuard, and at present NordVPN do not provide configuration files. Also, I would like to retain the function of the NordVPN app where the ‘best’ server is selected, rather than permanently choosing a single server and then writing any iptables rules for that specific IP address.
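
One way to get the behaviour asked for above, as an added example that is not part of the original post and is not NordVPN's or DietPi's own code: it restricts only the torrent daemon's user to loopback, the LAN and `nordlynx`, and offers an interface-existence check for a cron job. The user name `debian-deluged`, the LAN range `192.168.1.0/24` and the chain name `DELUGE_KS` are assumptions; adjust them to the system.

```sh
#!/bin/sh
# Added example: kill switch scoped to the torrent daemon's user account.
# Assumed, not from the post: user debian-deluged, LAN 192.168.1.0/24,
# chain name DELUGE_KS. Interface nordlynx and service deluged are from the post.
VPN_IF="${VPN_IF:-nordlynx}"
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"
DELUGE_USER="${DELUGE_USER:-debian-deluged}"

# Print the rules so they can be reviewed before use. Only packets created by
# DELUGE_USER are matched, so ssh, samba and the VPN client's own traffic on
# eth0 are unaffected. iptables matches -o by name, so the rules load and keep
# working while nordlynx does not exist: everything non-LAN is then rejected.
killswitch_rules() {
    for ipt in iptables ip6tables; do
        echo "$ipt -N DELUGE_KS"
        echo "$ipt -A DELUGE_KS -o lo -j ACCEPT"
        if [ "$ipt" = iptables ]; then   # LAN_CIDR is an IPv4 range
            echo "$ipt -A DELUGE_KS -d $LAN_CIDR -j ACCEPT"
        fi
        echo "$ipt -A DELUGE_KS -o $VPN_IF -j ACCEPT"
        echo "$ipt -A DELUGE_KS -j REJECT"
        # Hook the chain in last, once it is fully populated.
        echo "$ipt -A OUTPUT -m owner --uid-owner $DELUGE_USER -j DELUGE_KS"
    done
}

# The post notes nordlynx shows state UNKNOWN and only exists while connected,
# so test for the interface's existence rather than its operstate.
vpn_iface_present() {
    [ -e "${SYSFS_NET:-/sys/class/net}/$VPN_IF" ]
}

case "${1:-}" in
    rules)    killswitch_rules ;;                            # review only
    apply)    killswitch_rules | sh -e ;;                    # run as root
    watchdog) vpn_iface_present || systemctl stop deluged ;; # for cron/timer
esac
```

Rules applied this way do not survive a reboot unless they are saved with whatever persistence mechanism the system uses. The `watchdog` mode is only a second layer, since it leaves a gap between polls that the firewall rules do not.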