TorGuard

How to create a real kill switch on OS X

OMAR_2

This hack will create PF firewall rules on the Mac that will only allow in/out traffic to a single IP (TG's VPN server in this case).
When a disconnect happens, you won't be able to surf, and only pinging that IP works.

1) Open Terminal and type this

sudo nano /etc/pf.conf
 
Enter your admin password after that, and PF file will open
 
2) Scroll to the bottom, and add the following at the bottom
 
---------
block out on en0 from 192.168.0.0/16 to any
block out on en3 from 192.168.0.0/16 to any
pass out quick on en0 from 192.168.0.0/16 to 178.162.216.8
pass out quick on en3 from 192.168.0.0/16 to 178.162.216.8
pass out quick on utun0 from any to any
---------
 
These rules will block traffic on ethernet and on wifi, unless that traffic is going towards 178.162.216.8 (IP of TG's for example) or unless VPN is connected (last line), then traffic is allowed.
Here utun0 is name of our virtual VPN adapter, and en0 and en3 are names of ethernet and wifi.
You can find out those names by running "ifconfig" in terminal.


3) Enable PF, by running in terminal:
sudo pfctl -e
 
4) Load the rules 
sudo pfctl -f /etc/pf.conf
 
Now if VPN gets disconnected, you won't have access to internet, not counting the IP address specified before
 
5) To regain Internet access, disable PF in terminal:
sudo pfctl -d
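
Added example, not part of the original post: a small shell function that prints the same rule set for whatever interface names ifconfig shows on your machine, and refuses malformed input so a typo does not end up in /etc/pf.conf. The function names and the argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): build the kill-switch rules
# from step 2 for arbitrary interface names, rejecting malformed input.

# is_ipv4 ADDR -> exit status 0 only if ADDR is a dotted-quad IPv4 address
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# killswitch_rules VPN_IP LAN_NET TUN_IF PHYS_IF...
# Same shape as the post: block everything leaving the physical interfaces,
# then "pass out quick" only to the VPN server and on the tunnel interface.
killswitch_rules() {
    [ "$#" -ge 4 ] || { echo "usage: killswitch_rules VPN_IP LAN_NET TUN_IF PHYS_IF..." >&2; return 1; }
    vpn_ip=$1
    lan_net=$2
    tun_if=$3
    shift 3
    is_ipv4 "$vpn_ip" || { echo "bad VPN server IP: $vpn_ip" >&2; return 1; }
    case $lan_net in
        ''|*[!0-9./]*) echo "bad LAN network: $lan_net" >&2; return 1 ;;
    esac
    for ifc in "$tun_if" "$@"; do
        case $ifc in
            ''|*[!a-z0-9]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    for ifc in "$@"; do
        echo "block out on $ifc from $lan_net to any"
    done
    for ifc in "$@"; do
        echo "pass out quick on $ifc from $lan_net to $vpn_ip"
    done
    echo "pass out quick on $tun_if from any to any"
}

# Usage with the values from the post:
#   killswitch_rules 178.162.216.8 192.168.0.0/16 utun0 en0 en3
# After pasting the output at the bottom of /etc/pf.conf, parse the file
# without loading it before step 4:
#   sudo pfctl -nf /etc/pf.conf
```

After step 4, sudo pfctl -s rules lists the rules PF actually loaded, so you can confirm the block and pass lines are in place.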