On Wed, 24 Apr 2019 11:11:47 -0700 Paul Fontenot <wpfontenot@xxxxxxxxxxx> wrote:

> Good afternoon,
>
> How would one force all traffic out of a particular interface? I am
> trying to force all traffic out of a vpn interface but I'm not having
> any luck - if I change the default policy from accept to drop and try
> this block below I get nothing :/

Generally speaking, in order to direct non-local traffic out through a VPN, and block traffic when the VPN is down, you should:

ROUTING:
- Set the VPN as the default route; all non-local traffic will flow across the VPN.

OUTPUT chain:
- Accept NEW outbound VPN conns on the IF that the VPN uses (if you allow them).
- Accept ESTABLISHED outbound VPN traffic.
- Accept outbound ARP/ICMP/DHCP/etc. traffic/conns and other traffic that must flow across the IF that the VPN uses.
- Block all other outbound conns on the IF that the VPN uses.

INPUT chain:
- Accept NEW inbound VPN conns on the IF that the VPN uses (if you allow them).
- Accept ESTABLISHED inbound VPN traffic.
- Accept inbound ARP/ICMP/DHCP/etc. traffic/conns and other traffic that must flow across the IF that the VPN uses.
- Block all other inbound conns on the IF that the VPN uses.
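The following script is an added, worked instance of the routing / OUTPUT / INPUT layout described in the reply above; it is not part of the mail thread and not code from either poster. It assumes a VPN client host with a physical uplink `eth0`, a point-to-point tunnel device `tun0`, a VPN server at the placeholder address 203.0.113.10 (TEST-NET-3) on udp/1194, and a LAN prefix of 192.168.1.0/24; all of these are overridable environment variables. Setting `IPT=echo` and `IP=echo` makes it print the rules instead of applying them, which is how the rule set can be reviewed without root. Note that ARP never reaches iptables (it is not IP), so the ARP item in the reply needs no rule here; ICMP and DHCP do.

```shell
#!/bin/sh
# VPN kill-switch skeleton (added example, not from the original thread).
# Placeholders, override via environment: WAN_IF, VPN_IF, VPN_SERVER,
# VPN_PORT, VPN_PROTO, LAN_NET. IPT=echo / IP=echo produce a dry run.
IPT="${IPT:-iptables}"
IP="${IP:-ip}"
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # constructed placeholder address
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# ROUTING: the tunnel becomes the default route, but the VPN server itself
# must stay reachable through the physical uplink's gateway, otherwise the
# tunnel's outer packets would be routed into the tunnel and the link would
# never come up.
set_vpn_default_route() {
    gw="$1"   # uplink gateway, e.g. the one from "ip route show default"
    "$IP" route replace "$VPN_SERVER" via "$gw" dev "$WAN_IF"
    "$IP" route replace default dev "$VPN_IF"
}

apply_vpn_killswitch() {
    # Default-deny policies: anything not explicitly accepted below is dropped,
    # which is what makes this a kill switch when the tunnel is down.
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT DROP
    "$IPT" -P FORWARD DROP

    # Loopback and the tunnel device carry trusted traffic.
    "$IPT" -A INPUT  -i lo -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT
    "$IPT" -A OUTPUT -o "$VPN_IF" -j ACCEPT
    "$IPT" -A INPUT  -i "$VPN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # OUTPUT on the uplink: NEW + ESTABLISHED VPN connection to the server only,
    # plus the link-local chatter the tunnel depends on (DHCP, LAN, ICMP).
    "$IPT" -A OUTPUT -o "$WAN_IF" -p "$VPN_PROTO" -d "$VPN_SERVER" --dport "$VPN_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    "$IPT" -A OUTPUT -o "$WAN_IF" -p udp --sport 68 --dport 67 -j ACCEPT     # DHCP client
    "$IPT" -A OUTPUT -o "$WAN_IF" -d "$LAN_NET" -j ACCEPT                    # local LAN
    "$IPT" -A OUTPUT -o "$WAN_IF" -p icmp -j ACCEPT
    # Log before dropping so leaks (apps bypassing the tunnel) are visible.
    "$IPT" -A OUTPUT -o "$WAN_IF" -j LOG --log-prefix "vpn-leak-out: "
    "$IPT" -A OUTPUT -o "$WAN_IF" -j DROP

    # INPUT on the uplink: mirror image. As a VPN client we only need the
    # ESTABLISHED reply traffic from the server, not NEW inbound VPN conns.
    "$IPT" -A INPUT -i "$WAN_IF" -p "$VPN_PROTO" -s "$VPN_SERVER" --sport "$VPN_PORT" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT -i "$WAN_IF" -p udp --sport 67 --dport 68 -j ACCEPT      # DHCP server replies
    "$IPT" -A INPUT -i "$WAN_IF" -s "$LAN_NET" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
    "$IPT" -A INPUT -i "$WAN_IF" -j LOG --log-prefix "vpn-leak-in: "
    "$IPT" -A INPUT -i "$WAN_IF" -j DROP
}

# Usage: sh vpn-killswitch.sh apply <uplink-gateway>
# Dry run: IPT=echo IP=echo sh vpn-killswitch.sh apply 198.51.100.1
if [ "${1:-}" = "apply" ]; then
    set_vpn_default_route "$2"
    apply_vpn_killswitch
fi
```

With the tunnel up, `ip route show default` should name the tunnel device, and a quick check of the kill switch is to stop the VPN client and confirm that outbound packets then appear as `vpn-leak-out:` entries in the kernel log rather than leaving via the uplink. If the VPN client is configured to push its own default route (OpenVPN's `redirect-gateway`), leave the routing function out and keep only the filter rules.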