Channel: Debian User Forums

System and Network configuration • UFW killswitch issues

I'm switching from Mint 21.3 to Debian 12, but I'm having trouble getting my firewall killswitch to work. I'm using NordVPN with their proprietary version of WireGuard called NordLynx. My UFW firewall is crude but effective, as it just involves deny incoming and deny outgoing, with one rule added: allow out on nordlynx from any to any. I use a script I wrote to connect to the VPN, which temporarily allows outgoing to make the connection, then changes it back to deny outgoing. On Mint 21.3 this works perfectly, but on Debian 12, once it is set to deny outgoing, it won't allow any connection despite the existence of the allow rule. I guess the assistance I'm looking for is:

Does anyone know why this would work in Mint but not Debian? Mint is still on UFW 36.1, Debian is on 36.2.
If it can't be fixed in UFW, does anyone have a basic NFT script that would work? I made the script below with the same result as UFW, but nftables/iptables are a bit above my head. The script is probably incomplete, or the syntax might be off. Weirdly, it seems that Debian isn't recognizing the existence of the "nordlynx" virtual interface despite it showing up with ifconfig. Any help would be appreciated.

Code:

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state {established, related} accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oifname "nordlynx" accept
    }
}

Statistics: Posted by bazzab — 2024-08-07 19:16 — Replies 2 — Views 21
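
An added example, not part of the original post and not NordVPN's own configuration: a killswitch ruleset of the same shape that also accepts the tunnel's outer traffic. In standard WireGuard the encrypted UDP packets leave through the physical interface toward the server endpoint, so an output chain that accepts only `oifname "nordlynx"` drops them. The endpoint address (a documentation-range placeholder), the UDP port 51820, and the assumption that NordLynx behaves like standard WireGuard here are all assumptions to replace or confirm with your own values.

```nft
#!/usr/sbin/nft -f
# Added example: VPN killswitch that still lets the tunnel's carrier packets out.
# NOTE: "flush ruleset" also removes any rules UFW or the VPN client installed.
flush ruleset

define VPN_IF       = "nordlynx"      # tunnel interface name from the post
define VPN_ENDPOINT = 203.0.113.10    # PLACEHOLDER: your VPN server's IP
define VPN_PORT     = 51820           # ASSUMED WireGuard/NordLynx UDP port

table inet killswitch {
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        # Replies to traffic this host started (tunnel handshake included)
        ct state established,related accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept

        # Cleartext traffic may leave only through the tunnel interface
        oifname $VPN_IF accept

        # Encrypted carrier packets: to the VPN endpoint only, on any interface
        ip daddr $VPN_ENDPOINT udp dport $VPN_PORT accept

        # Diagnostic: count and log what the drop policy is about to discard
        limit rate 5/minute log prefix "killswitch-out-drop: "
        counter
    }
}
```

After loading it with `nft -f`, `nft list ruleset` shows the drop counter and `journalctl -k` shows the logged packets, which identifies the interface and destination of anything still being blocked.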


