Jump to content
Not connected, Your IP: 160.79.111.50
AirVPN
Condobloke

Switch to prevent d'load when unconnected to eddie

By Condobloke, ... in Troubleshooting and Problems

Recommended Posts

Condobloke    1

Condobloke
Posted ... (edited)

I must be getting old.

Twice this week, I have double clicked on a link from showrss, and a download has started.

Problem?......I do not have eddie running.
Is there a setting to prevent the download happening, when eddie is not fired up and running ?

Brian

Edited ... by Condobloke
old age...forgot something...oops....no I didn't

Share this post

Link to post

Staff    10126

Staff
Posted ...
34 minutes ago, Condobloke said:

Is there a setting to prevent the download happening, when eddie is not fired up and running ?


Hello!

If you run Windows please see here: https://airvpn.org/forums/topic/69097-permanent-kill-switch-for-eddie-client/

Similar rules can be enforced with any other system with the respective firewall. If you do not run Windows feel free to tell us your Operating System name, version and firewall.

Kind regards
 

Share this post

Link to post

Staff    10126

Staff
Posted ... (edited)

Hello!

For the readers' comfort we paste here an answer by the support team to the OP, whose system is Linux Mint 22.1.
 

Quote

 

Hello and thank you for your choice!

Your system is based on nftables but ufw will rely on iptables translations. This could cause some trouble so we would recommend that you keep ufw disabled and enforce "blocking" rules through nft. For your purposes, we think that you need to block all outgoing traffic, except for DHCP and local network, is it right? If so, consider this while Eddie is NOT running: 


# Clear any existing nftables rules
sudo nft flush ruleset

# Create a new table for filter rules
sudo nft add table inet filter

# Create a chain for outgoing traffic (the default one for filtering)
sudo nft add chain inet filter output { type filter hook output priority 0 \; }

# Allow DHCP traffic (UDP ports 67 and 68)
sudo nft add rule inet filter output udp dport 67 accept
sudo nft add rule inet filter output udp sport 68 accept

# Allow local network traffic (adjust network range according to your own local subnet!)
sudo nft add rule inet filter output ip daddr 192.168.0.0/16 accept
sudo nft add rule inet filter output ip6 daddr fc00::/7 accept

# Block all other outgoing traffic
sudo nft add rule inet filter output drop


When you enable Network Lock, the above rules will be deleted and only traffic to VPN servers is allowed. When you shut down Eddie, or disable Network Lock, the above rules will be restored.

Then, you need to make the above rules persistent across reboots. 


# Save the rules
sudo nft list ruleset > /etc/nftables.conf

# Make sure that nftables service is enabled by systemd:
sudo systemctl enable nftables


Reboot the system and verify that the rules are still in place and that your system can communicate only with the local network and not to the Internet: 


sudo nft list ruleset

 

Start Eddie and activate Network Lock to restore external connectivity to VPN servers only.


Kind regards


 

Edited ... by OpenSourcerer
Apply quote formatting to quote

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...