RE: VPN kill switch

@davedanger I open the terminal> execute ./unfirewall.sh > connect to vpn via GUI> use ./firewall.sh> and then close the terminal. ufw doesnt require the terminal to be open after the commamds have been executed. Both .sh files are inside the home directory.

i saw your post "Auto Execute Startup Scripts" just now. Here the terminal doesnt need to be kept open. Although I do get the following warnings

WARN: /etc is group writable!
WARN: / is world writable!
WARN: / is group writable!
WARN: /lib is world writable!
WARN: /lib is group writable!
WARN: /usr is world writable!
WARN: /usr is group writable!

And my ufw was enabled by default since the fist installation (OTA-19). Although in my ut tweak tools, "make image writable" can be set to read-only.

Hi good people of ubports!

I have a question regarding vpn kill switch. I run 2 scripts with a set of commands as follows:

i use the below commands before connecting to my VPN

sudo ufw reset
sudo ufw deny incoming
sudo ufw deny forward
sudo ufw allow outgoing
sudo ufw enable

And is in a file called unfirewall.sh

I use the below commands after connecting to the vpn so that there is no leak.

sudo ufw default deny incoming
sudo ufw default deny forward
sudo ufw default deny outgoing
sudo ufw allow out on tun0 from any to any
sudo ufw enable

And this is in a file called ./firewall.sh

I run ./unfirewall.sh from the terminal, connect to the vpn and run ./firewall.sh from the terminal again. My question is, is there a way to make an executable icon called "on" (for ./firewall.sh) and "off" (for ./unfirewall.sh) and put it in the app drawer so that i dont have to use the terminal to do it every time my vpn disconnects?

When vpn is connected with a kill switch, certain processess like ubuntu push notification and pantalimon (and may be other processess) are still associated with the old gateway and not the VPN gateway.
When sudo netstat -tunlpaw is issued in the terminal
Certain processess are ESTABLISHED with the router gateway address (for ex: 192.168.1.xx) and
sudo kill -HUP xxxx (where xxxx is the PID number of the process) needs to be issued to re-associate this process to the VPN gateway.
Sometimes that doesnt work and sudo kill xxxx (without -HUP option) needs to be issued to kill the process running outside of VPN. Is there a solution for this where i dont have to constantly use this workaround everytime my VPN connection drops ?

PS: my kill switch uses ufw with the following:

Below is run after VPN connection is established

sudo ufw reset
sudo ufw default deny incoming
sudo ufw default deny forward
sudo ufw default deny outgoing
sudo ufw allow out on tun0 from any to any
sudo ufw enable

And i use the below commands before reconnecting to my VPN

sudo ufw reset
sudo ufw deny incoming
sudo ufw deny forward
sudo ufw allow outgoing
sudo ufw enable

@thilov I am not sure if your issue is solved, but I think I noticed something similar. When you connect to the vpn and especially use a kill switch, the ubuntu push notification ( and also pantalimon and may be other processess unrelated to notifications) are still associated with the old gateway and not the VPN gateway. You can can do the following:
sudo netstat -tunlpaw
and look for the processess ESTABLISHED with your old gateway address (for ex: 192.168.1.xx)
Then use sudo kill -HUP xxxx where xxxx is the PID number of the process identified in the previous process.
This should reassociate the process to the new gateway. If not try sudo kill xxxx without -HUP option. Notification process will reassociate after a while. Hope this helps.