My problem, simply put: I want specific applications to interact with specific connections, and only those connections. I want QBittorrent (and assorted others) to interact with open vpn connections only, and become isolated from network access if those vpn connections are dropped. Conversely, I want everything else (Thunderbird, certain Firefox profiles, etc) to connect to, and only to, my main ISP, and have zero interaction with any open vpn connections.
I can open a vpn connection, and then bind QBittorrent to it in advanced settings, and QB will use it, but:
1. If the vpn connection drops, QB will start using the unencrypted ISP connection, and...
2. Other apps like TBird will start using the vpn connection if/when it's open, which I do not want to occur. At all.
Google mail, in particular, will instantly lock-down my accounts if it gets a login attempt over the vpn connect, even with the correct credentials. Admirably paranoid, but something I'd like to avoid. My bank will react similarly.
On A Side Note: Can anybody recommend a good overview of Linux networking that does not go into ridiculous granularity? There are large gaps of knowledge I would like to fill without having to get another four year degree, if possible. Any assistance is appreciated, thank you.
Networking with Extreme Prejudice.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
OS: Linux Mint 21.2 x86_64
Host: 82TD Legion 7 16IAX7
Kernel: 6.2.0-34-generic
Re: Networking with Extreme Prejudice.
You're looking for a kill switch.
You could look into the Netfilter (iptables) owner match extension and use it to restrict access based on pid.
Example:
Code:
# Read the PID of the running application from its pid file
PID=$(cat /var/run/QB.pid)
# Drop that process's traffic leaving through the physical interface enp1s0
iptables -A OUTPUT -o enp1s0 -m owner --pid-owner $PID -j DROP
Looking at the firewall GUI, it doesn't seem to have owner match.
You would have to find a way to correctly insert the rules into the firewall.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
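An added example, not part of the thread: a kill switch built on the owner match suggested in the reply above, keyed on a user account instead of a PID, because the owner match in current iptables offers `--uid-owner` and `--gid-owner` but no longer `--pid-owner`. The account name `vpnapps`, the interface `tun0` and the chain name `VPN_ONLY` are assumptions; the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints rules for review; it does not
# touch the firewall itself. "vpnapps", "tun0" and "VPN_ONLY" are assumed names.

# killswitch_rules USER VPN_IF
#   USER   - dedicated account the VPN-only applications run under
#   VPN_IF - the VPN tunnel interface
killswitch_rules() {
    user=$1
    vpn_if=$2
    # The output is meant for a root shell, so refuse anything that is not a
    # plain account or interface name.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    case $vpn_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $vpn_if" >&2; return 1 ;;
    esac

    # VPN_ONLY chain: loopback and the tunnel are allowed, every other
    # interface is rejected, so a dropped VPN leaves USER with no network.
    # The last rule keeps every other account off the tunnel; it blocks
    # only and does not pick the route those applications use.
    # -I OUTPUT 1 places the jumps ahead of ACCEPT rules an existing
    # firewall front end may already have in OUTPUT.
    # Both address families are covered so IPv6 is not a way around it.
    for ipt in iptables ip6tables; do
        cat <<EOF
$ipt -N VPN_ONLY
$ipt -A VPN_ONLY -o lo -j ACCEPT
$ipt -A VPN_ONLY -o $vpn_if -j ACCEPT
$ipt -A VPN_ONLY -j REJECT
$ipt -I OUTPUT 1 -m owner --uid-owner $user -j VPN_ONLY
$ipt -I OUTPUT 1 -o $vpn_if -m owner ! --uid-owner $user -j REJECT
EOF
    done
}

# Print the rules for the assumed account and interface.
killswitch_rules vpnapps tun0
```

The rules take effect only for processes started under that account, for example with `sudo -u vpnapps`. DNS lookups handed to a local resolver over loopback leave the machine under the resolver's own uid, so they are not covered by the `VPN_ONLY` chain.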