Does network lock work like really strict firewall?

[keikari 9]

Hi, I'm trying to learn basics of understanding how to set up/use firewall. I started wondering would my system be safe if I didn't had any other firewall rules than ones the network lock creates? And if not, why?

Also bit out of topic, but is there any reason to favor firewalld over iptables? Or is it just created to make things simpler? And if I want to configure firewall with iptables are there any important differences in running firewalld.service or iptables.service?

[BlueBanana 39]

As you are referencing to iptables, i assume you are using a Linux based OS.

Yes, with network lock enabled you are safe even without an additional firewall (UFW for example).
Network lock is based on IP Tables; it works in a proactive way, preventing traffic from leaking outside of the VPN tunnel. So with Network Lock enabled an no VPN connection --> no Internet.

It is unlike an ordinary "Kill Switch" that just reacts when the VPN connection drops.

Of course you can make your own firewall by creating iptables or UFW rules, but personally i wouldn't use UFW/iptables  along with Network Lock, just to prevent any possible interferences.

Regards

BB

[iwih2gk 94]

Do both, that is what I do.  I will avoid the technical "how to" but its really easy to do.  With 2 posts I don't know where you are on abilities to write simple UFW firewall rules.  I use Eddie on several linux family machines.  I set up totally internet blocked firewalls on these machines.  Eddie running on the linux Desktop (Debian) will create its own firewall when its launched and will TEMPORARILY store my UFW firewall as a backup (done automatically in the background).  When I close Eddie MY original firewall rules are reset so that my machines cannot ever access the internet under any circumstances without an AirVpn tunnel.  For my machines this additional safety measure means that a family member cannot mount the computer and then go online while being outside an AirVpn tunnel.  They have no clue or desire to learn how to mount UFW in a terminal and disable the firewall manually.  They have learned to click on the AirVpn Icon on the Desktop and then enter the Admin password to launch it.  I have Eddie set to auto connect to the desired server so they just sit there and enjoy an easy connection and safe surfing.  So simple and compels their security whether the want it or not, LOL!!