I have my RPi set up as a seedbox, and it is connected to the internet through Mullvad's nl1 WireGuard server (you can find details about it here). I used their quick WireGuard setup + added a kill switch they provided me.

However, I can't establish an FTP, SSH or web (qbittorrent web ui) connection either over its wlan0 interface (connected to my WiFi network that my computer is also connected to) or its eth0 interface (connected from the RPi to my PC).

Is there an iptables command/trick I can use to unblock this connection and/or allow all connections from LAN (in my case it would be 192.168.1.x or .x)?

My RPi is connected to the internet through WiFi (wlan0, 192.168.1.x) and to my computer through an ethernet wire (eth0, .x).

My current PostUp is this (without the line breaks):

```
sudo iptables -P OUTPUT DROP
sudo iptables -A OUTPUT -o mullvad+ -j ACCEPT
sudo iptables -A OUTPUT -o wlan+ -p tcp -m multiport --dports 53 -d 193.32.249.66/32 -j ACCEPT
sudo iptables -A OUTPUT -o wlan+ ! -d 193.138.218.74 -p tcp --dport 53 -j DROP
sudo ip6tables -A OUTPUT -o mullvad+ -j ACCEPT
```

BTW: You can have multiple PostUp/PreDown lines.

Mullvad's killswitch is equivalent to this:

```
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PostUp = ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
```

So, it inserts a rule at the top of the OUTPUT filter chain and basically blocks everything except for packets that

- go out over the WireGuard network interface, or
- are marked with $(wg show %i fwmark) (WireGuard's UDP packets), or

So, when you try to connect (via SSH) from a local network, the responses are blocked.

Assuming your local network's address range is 192.168.42.0/24, you could modify the Mullvad killswitch to

```
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 192.168.42.0/24 -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 192.168.42.0/24 -j REJECT
```
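The match logic of the killswitch rule, modelled in Python as an added example (not code from the original page or from Mullvad), shows which outgoing packets hit REJECT before and after the `! -d 192.168.42.0/24` exception. The interface name, the fwmark value, the host's own addresses and the sample packets are constructed assumptions; the LAN range is the one assumed on this page.

```python
"""Model of the killswitch REJECT rule's match, with and without the LAN exception."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WG_IFACE = "mullvad-nl1"   # assumed value of %i
WG_FWMARK = 51820          # assumed output of `wg show %i fwmark`
# Assumed addresses owned by this host (what addrtype LOCAL would match).
LOCAL_ADDRS = {ip_address("127.0.0.1"), ip_address("192.168.42.20")}
LAN = ip_network("192.168.42.0/24")


@dataclass(frozen=True)
class Packet:
    out_iface: str
    dst: str
    fwmark: int = 0


def rejected(pkt, lan_exception=None):
    """True if the packet satisfies every negated test and reaches -j REJECT."""
    dst = ip_address(pkt.dst)
    matches = (
        pkt.out_iface != WG_IFACE        # ! -o %i
        and pkt.fwmark != WG_FWMARK      # -m mark ! --mark $(wg show %i fwmark)
        and dst not in LOCAL_ADDRS       # -m addrtype ! --dst-type LOCAL
    )
    if lan_exception is not None:
        matches = matches and dst not in lan_exception   # ! -d 192.168.42.0/24
    return matches


# Constructed sample packets leaving the host.
SAMPLES = {
    "ssh reply to LAN client": Packet("wlan0", "192.168.42.10"),
    "tunnelled traffic": Packet(WG_IFACE, "198.51.100.5"),
    "WireGuard UDP to endpoint": Packet("wlan0", "203.0.113.7", WG_FWMARK),
    "loopback": Packet("lo", "127.0.0.1"),
    "leak outside tunnel": Packet("wlan0", "198.51.100.5"),
}


def verdicts(lan_exception=None):
    """'pass' means the rule did not match and the rest of the chain decides."""
    return {name: "REJECT" if rejected(p, lan_exception) else "pass"
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    before, after = verdicts(), verdicts(LAN)
    for name in SAMPLES:
        print(f"{name:28} original={before[name]:6} with LAN exception={after[name]}")
```

The SSH reply to the LAN client is the only verdict that changes; traffic to a non-LAN address outside the tunnel is still rejected, so the killswitch keeps its purpose.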