Killswitch for Commercial VPN with firewall-cmd


I surf with Commercial VPN, with the killswitch option activated.

However, the killswitch option of Commercial VPN often does not work, and connections still occur with no VPN.

openSUSE Leap works with firewalld.
I wish to configure a strong killswitch with the help of firewalld (not iptables!): blocking all connections in or out if my Commercial VPN disconnects, and loading the firewalld config at boot.

Can you help me?
Thanks

I think no firewall is needed, just no default route.

How to do it depends on how your network is managed: Are you using wicked or NetworkManager?

I use NetworkManager.

What do you mean by "no default route"?

Default routes are the routes IP traffic takes when there is no other more specific route or a route with a lower metric.
You can get a list of your routing table using “ip route”, and it will list the default route at the top.

To get this working I would:

  1. Get the IP address of the VPN server you want to connect to (a.b.c.d).
  2. Change your network interface so that it does not have a default route but can still connect to the VPN server.

Maybe you can find it out yourself, but to help you further we will need to know more details, like the output of “ip route” (edit out IP addresses you do not want to share) and the output of “nmcli connection”.
Please use Code Tags Around Your Paste when posting the output and include the command itself.
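As an added example (not from the poster above), this is how steps 1 and 2 translate into NetworkManager settings, plus a check you can run against `ip route` afterwards. The connection name "Wired connection 1", the LAN gateway 192.168.1.1 and the VPN interface name tun0 are assumptions; a.b.c.d is the placeholder from the post and must be replaced with the real server address.

```shell
#!/bin/sh
# Added example for the routing-based approach above (not from the thread).
# Assumed names, change them to match "nmcli connection" and "ip route":
CON="${CON:-Wired connection 1}"     # NetworkManager connection of the physical NIC
VPN_SERVER="${VPN_SERVER:-a.b.c.d}"  # VPN server address (placeholder from the post)
GW="${GW:-192.168.1.1}"              # LAN gateway taken from the current default route
VPN_IF="${VPN_IF:-tun0}"             # interface the VPN client creates when connected

# Print the nmcli commands that remove the default route from the physical
# connection (IPv4 and IPv6) while keeping a /32 host route to the VPN server,
# so the only thing reachable without the tunnel is the VPN server itself.
# Review the output, then apply it with:  nmcli_no_default_route_cmds | sh
nmcli_no_default_route_cmds() {
  cat <<EOF
nmcli connection modify "$CON" ipv4.never-default yes ipv6.never-default yes
nmcli connection modify "$CON" +ipv4.routes "$VPN_SERVER/32 $GW"
nmcli connection up "$CON"
EOF
}

# Check: read "ip route" output on stdin and succeed only if every default
# route goes through the VPN interface (or there is none at all, VPN down).
# A default route via any other interface is a path traffic can leak through.
default_only_via_vpn() {
  ! grep '^default ' | grep -Ev " dev $VPN_IF( |\$)" | grep -q .
}

# Live usage:  ip route | default_only_via_vpn && echo "no leak path"
```

If the VPN client connects by host name rather than by address, it also needs a route to your DNS resolver; a resolver on the LAN is covered by the on-link route, a public one needs its own /32 added the same way.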

Assign “normal” interfaces to a firewall zone that blocks everything (well, you probably need to allow at least traffic to your VPN server, otherwise no VPN connection will be possible). Assign your VPN interface to a zone that allows the traffic that you need. Then you will automatically get your “killswitch”: everything is blocked unless the VPN interface is available.
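One caveat a practitioner should know before following the zone approach above: firewalld zones filter traffic coming in on an interface, while traffic the host itself sends out is allowed by default, so putting eth0 into the drop zone alone does not stop outbound leaks. Since firewalld 0.9 a policy object with the HOST ingress zone can filter that outgoing direction too. The following script is an added example (not the poster's), kept in dry-run mode by default so it prints the commands instead of running them; eth0, tun0, the NetworkManager connection name "Wired connection 1", the UDP port 1194 and the policy name vpn-killswitch are assumptions, and a.b.c.d is the placeholder used earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): a firewalld zone + policy kill switch.
#  - physical NIC goes into zone "drop" (nothing gets in),
#  - an egress policy drops everything the host sends out through that zone,
#    except the VPN handshake itself and DHCP lease renewal,
#  - the VPN tunnel interface goes into a normal zone, so traffic only flows
#    once the tunnel exists.
# Assumed names; adjust them to your system:
NIC="${NIC:-eth0}"                   # physical interface (see "ip route")
VPN_IF="${VPN_IF:-tun0}"             # interface created by the VPN client
VPN_SERVER="${VPN_SERVER:-a.b.c.d}"  # VPN server address (placeholder from the thread)
VPN_PORT="${VPN_PORT:-1194}"         # port/protocol the client connects to
VPN_PROTO="${VPN_PROTO:-udp}"
CON="${CON:-Wired connection 1}"     # NetworkManager connection of $NIC
DRY_RUN="${DRY_RUN:-1}"              # 1 = only print commands, 0 = execute them

# Run a command, or in dry-run mode print it as a copy-pasteable line
# (arguments containing spaces or quotes are single-quoted).
run() {
  if [ "$DRY_RUN" = 0 ]; then
    "$@"
    return
  fi
  line=""
  for a in "$@"; do
    case $a in
      *[!A-Za-z0-9_./=:+-]*) line="$line '$a'" ;;
      *) line="$line $a" ;;
    esac
  done
  printf '%s\n' "${line# }"
}

killswitch_cmds() {
  # 1. Physical interface: zone "drop" rejects all inbound traffic. Making it
  #    the default zone means any new, unexpected interface starts blocked too.
  run firewall-cmd --set-default-zone=drop
  run firewall-cmd --permanent --zone=drop --change-interface="$NIC"
  #    NetworkManager re-applies the zone of its connections, so pin it there.
  run nmcli connection modify "$CON" connection.zone drop

  # 2. Egress policy: packets from this host (HOST) leaving through an
  #    interface in zone "drop" are dropped ...
  run firewall-cmd --permanent --new-policy="vpn-killswitch"
  run firewall-cmd --permanent --policy=vpn-killswitch --add-ingress-zone=HOST
  run firewall-cmd --permanent --policy=vpn-killswitch --add-egress-zone=drop
  run firewall-cmd --permanent --policy=vpn-killswitch --set-target=DROP
  #    ... except the VPN connection itself and DHCP (otherwise the lease
  #    cannot be renewed and the NIC loses its address).
  run firewall-cmd --permanent --policy=vpn-killswitch --add-rich-rule="rule family=\"ipv4\" destination address=\"$VPN_SERVER\" port port=\"$VPN_PORT\" protocol=\"$VPN_PROTO\" accept"
  run firewall-cmd --permanent --policy=vpn-killswitch --add-service=dhcp

  # 3. Tunnel interface: an ordinary zone; the policy does not apply to it,
  #    so outbound traffic is free to leave through the VPN.
  run firewall-cmd --permanent --zone=public --change-interface="$VPN_IF"

  # 4. Activate the permanent configuration and make sure firewalld starts
  #    at boot, which is what loads these rules after a reboot.
  run firewall-cmd --reload
  run systemctl enable --now firewalld
}

killswitch_cmds
```

Run it once with `DRY_RUN=1` (the default) to read the commands, then `DRY_RUN=0 sh killswitch.sh` as root to apply them; `--new-policy` fails harmlessly if the policy already exists. If the VPN client has to resolve the server's host name first, DNS is also blocked while the tunnel is down; prefer a second rich rule restricted to your LAN resolver's address over `--add-service=dns`, which would let DNS leak to anyone. Note the fail-safe direction of the design: if the client ever creates the tunnel under a different name than tun0, that interface lands in the default zone and its traffic is dropped rather than leaked.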