Networking with Extreme Prejudice.


Post by pendrifter

My problem, simply put: I want specific applications to interact with specific connections, and only those connections. I want QBittorrent (and assorted others) to interact with open vpn connections only, and become isolated from network access if those vpn connections are dropped. Conversely, I want everything else (Thunderbird, certain Firefox profiles, etc) to connect to, and only to, my main ISP, and have zero interaction with any open vpn connections.

I can open a vpn connection, and then bind QBittorrent to it in advanced settings, and QB will use it, but:

1. If the vpn connection drops, QB will start using the unencrypted ISP connection, and...
2. Other apps like TBird will start using the vpn connection if/when it's open, which I do not want to occur. At all.

Google mail, in particular, will instantly lock down my accounts if it gets a login attempt over the vpn connect, even with the correct credentials. Admirably paranoid, but something I'd like to avoid. My bank will react similarly.

On A Side Note: Can anybody recommend a good overview of Linux networking that does not go into ridiculous granularity? There are large gaps of knowledge I would like to fill without having to get another four year degree, if possible. Any assistance is appreciated, thank you.
OS: Linux Mint 21.2 x86_64
Host: 82TD Legion 7 16IAX7
Kernel: 6.2.0-34-generic

Re: Networking with Extreme Prejudice.

Post by Pippin

You're looking for a kill switch.
You could look into Netfilter (iptables) owner match extension and use it to restrict access based on pid.
Example:

Code:

# Read the client's PID from its pid file
PID=$(cat /var/run/QB.pid)
# Drop that process's traffic leaving via the wired interface
iptables -A OUTPUT -o enp1s0 -m owner --pid-owner "$PID" -j DROP

Looking at the firewall GUI, it doesn't seem to have owner match.
You would have to find a way to correctly insert the rules into the firewall.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
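
A default-deny form of the kill switch discussed in this thread, as an added example that is not part of either post. It matches on `--uid-owner` instead of `--pid-owner`, because the owner match shipped with current iptables has no PID option; the dedicated account `vpnapps`, the interface `tun0`, the `KS_` chain prefix and the `KS_APPLY` switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-user VPN kill switch using the
# Netfilter owner match. Assumed names: account "vpnapps", interface "tun0".

# Dry run by default: print each command. KS_APPLY=1 (as root) executes them.
run() {
    if [ "${KS_APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# killswitch_rules USER VPN_IF
# Default-deny for USER: loopback and VPN_IF pass, any other interface
# (wired, Wi-Fi, one added later) is rejected instead of falling back to it.
killswitch_rules() {
    user=$1
    vpn_if=$2
    if [ -z "$user" ] || [ -z "$vpn_if" ]; then
        echo "usage: killswitch_rules USER VPN_IF" >&2
        return 2
    fi
    chain="KS_$user"                    # hypothetical chain name, max 28 chars
    for ipt in iptables ip6tables; do   # filter IPv6 too, or it bypasses the VPN
        run "$ipt" -N "$chain"
        run "$ipt" -A "$chain" -o lo -j RETURN
        run "$ipt" -A "$chain" -o "$vpn_if" -j RETURN
        run "$ipt" -A "$chain" -j REJECT
        # Hook the chain in last, once it is complete. RETURN (not ACCEPT)
        # hands allowed packets back to the existing OUTPUT rules.
        run "$ipt" -I OUTPUT 1 -m owner --uid-owner "$user" -j "$chain"
    done
}

killswitch_rules vpnapps tun0
```

Run it with `KS_APPLY=1` as root to install the rules; they only affect processes started under the `vpnapps` account.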