Networking with Extreme Prejudice.


Networking with Extreme Prejudice.

Post by pendrifter » Thu Jan 25, 2018 6:09 pm

My problem, simply put: I want specific applications to interact with specific connections, and only those connections. I want QBittorrent (and assorted others) to interact with open VPN connections only, and become isolated from network access if those VPN connections are dropped. Conversely, I want everything else (Thunderbird, certain Firefox profiles, etc.) to connect to, and only to, my main ISP, and have zero interaction with any open VPN connections.

I can open a VPN connection, and then bind QBittorrent to it in advanced settings, and QB will use it, but:

1. If the VPN connection drops, QB will start using the unencrypted ISP connection, and...
2. Other apps like TBird will start using the VPN connection if/when it's open, which I do not want to occur. At all.

Google mail, in particular, will instantly lock down my accounts if it gets a login attempt over the VPN connection, even with the correct credentials. Admirably paranoid, but something I'd like to avoid. My bank will react similarly.

On A Side Note: Can anybody recommend a good overview of Linux networking that does not go into ridiculous granularity? There are large gaps of knowledge I would like to fill without having to get another four-year degree, if possible. Any assistance is appreciated, thank you.
Kernel: 4.15.0-36-generic x86_64 bits: 64
Desktop: Xfce 4.12.3
Distro: Linux Mint 19 Tara


Re: Networking with Extreme Prejudice.

Post by Pippin » Thu Jan 25, 2018 7:24 pm

You are looking for a kill switch.
You could look into the Netfilter (iptables) owner match extension and use it to restrict access based on PID.

Code:

    # read the PID from the application's pidfile (the filename was left off in the post)
    PID=$(cat /var/run/<pidfile>)
    # note: --pid-owner only exists on old kernels; the owner match on current kernels
    # offers --uid-owner and --gid-owner instead
    iptables -A OUTPUT -o enp1s0 -m owner --pid-owner "$PID" -j DROP
Looking at the firewall GUI, it doesn't seem to have owner match.
You would have to find a way to correctly insert the rules into the firewall.
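The following is an added example for this thread, not code posted by Pippin or pendrifter. It builds the kill switch Pippin describes on the Netfilter owner match, but keyed on a user rather than a PID: current kernels only provide --uid-owner and --gid-owner (the old --pid-owner option was removed), so the torrent client is run as a dedicated account and the rules follow that account. The interface name tun0, the account name vpnapps and the chain name VPN_ONLY are placeholder assumptions; the script prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not code from the thread. Per-user VPN kill switch built on
# the Netfilter owner match. Current kernels only offer --uid-owner/--gid-owner
# (the old --pid-owner option is gone), so the application is run as a
# dedicated user and the policy is keyed on that user instead of a PID.
#
# Placeholder assumptions: the tunnel interface is tun0, and qBittorrent runs
# as the local account "vpnapps" (e.g. "sudo -u vpnapps qbittorrent", or a
# systemd unit with User=vpnapps). Override with VPN_IF=... VPN_USER=... in
# the environment.
VPN_IF="${VPN_IF:-tun0}"
VPN_USER="${VPN_USER:-vpnapps}"
CHAIN="VPN_ONLY"

# Print the rule set for one address family instead of applying it, so the
# policy can be reviewed (and tested) before it touches the firewall.
# Usage: killswitch_rules [iptables|ip6tables]
killswitch_rules() {
    bin="${1:-iptables}"
    case "$bin" in
        ip6tables) rej="icmp6-adm-prohibited" ;;
        *)         rej="icmp-admin-prohibited" ;;
    esac
    cat <<EOF
# $bin: packets owned by $VPN_USER may leave only via lo or $VPN_IF.
$bin -N $CHAIN 2>/dev/null || $bin -F $CHAIN
$bin -A $CHAIN -o lo -j RETURN
$bin -A $CHAIN -o $VPN_IF -j RETURN
$bin -A $CHAIN -j REJECT --reject-with $rej
# 1. Send every socket owned by $VPN_USER through $CHAIN. When $VPN_IF goes
#    down the kernel re-routes via the ISP interface and the REJECT fires,
#    so the torrent client loses connectivity instead of leaking.
#    (Re-running this script inserts a second copy of the jump; flush first.)
$bin -I OUTPUT 1 -m owner --uid-owner $VPN_USER -j $CHAIN
# 2. Nothing else may send over the tunnel, so mail and banking sessions
#    never appear to come from the VPN exit.
$bin -I OUTPUT 2 -o $VPN_IF -m owner ! --uid-owner $VPN_USER -j REJECT --reject-with $rej
EOF
}

# Emit both address families: an IPv6 path around an IPv4-only kill switch
# is the classic leak.
killswitch_all() {
    killswitch_rules iptables
    killswitch_rules ip6tables
}

# Apply with:   killswitch_all | sudo sh
# Verify with:  sudo iptables -L OUTPUT -v -n --line-numbers
```

Two things the rules do not do by themselves: they enforce the policy but do not steer traffic, so if the VPN client installs itself as the default route, Thunderbird's packets are rejected on tun0 rather than falling back to the ISP (the VPN client's own configuration or policy routing has to keep the default route on the ISP side); and rule 2 also blocks root, so a diagnostic ping over the tunnel fails unless it is run as the VPN user.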
