
Is this a good script for stopping DNS leaks, a kill switch, and an IP firewall script?


hulltech

Occasional Visitor
I found this on the net while looking for a way to install an OpenVPN GUI that handles all the servers in a list file, and ran across this.
http://www.reddit.com/r/VPN/comments/28 ... ther_vpns/

vpnon.sh

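#!/bin/bash
# vpnon.sh - replace the current iptables rule set with a minimal "kill switch":
# loopback, DHCP broadcast and the local 192.168.0.0/16 network are allowed,
# eth0 <-> tun0 forwarding is NATed out of tun0, and any packet leaving eth0
# for a destination other than $IP is dropped so nothing leaks if the VPN drops.
#
# NOTE(review): $IP is whatever duckduckgo reports as "my IP" at the moment
# this runs. Confirm that this is the address eth0 really has to reach (the
# VPN server) and not the address you appear to come from once the tunnel is up.

# Look the address up BEFORE flushing anything: if the lookup fails we exit
# with the existing firewall untouched instead of leaving it wide open.
# Only the first match is kept so $IP is always exactly one address.
IP=$(wget https://duckduckgo.com/?q=whats+my+ip -q -O - \
     | grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>' | head -n 1)
if [ -z "$IP" ]; then
    echo "vpnon.sh: could not determine the public IP address, firewall left unchanged" >&2
    exit 1
fi

# Flush every rule and delete every user chain in the filter, nat and mangle tables.
for table in filter nat mangle; do
    iptables -t "$table" -F
    iptables -t "$table" -X
done
####
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT #make sure you can communicate with any DHCP server
iptables -A INPUT -s 255.255.255.255 -j ACCEPT #make sure you can communicate with any DHCP server
iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT #make sure that you can communicate within your own network
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # make sure that eth+ and tun+ can communicate
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # in the POSTROUTING chain of the NAT table, map the tun+ interface outgoing packet IP address, cease examining rules and let the header be modified, so that we don't have to worry about ports or any other issue - please check this rule with care if you have already a NAT table in your chain
# $IP is quoted so that an unexpected lookup result can never be split into
# extra iptables arguments.
iptables -A OUTPUT -o eth0 ! -d "$IP" -j DROP # if destination for outgoing packet on eth+ is NOT a.b.c.d, drop the packet, so that nothing leaks if VPN disconnects
# The original ended with "exit 1" and a stray "done" with no matching loop;
# report success so callers can tell a working run from the failed lookup above.
exit 0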

Then run vpnoff.sh when OpenVPN stops:

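iptables -F        # flush the filter table (the INPUT/OUTPUT/FORWARD rules vpnon.sh added)
iptables -t nat -F # "-F" alone leaves the nat table alone, so also drop the MASQUERADE rule vpnon.sh appended there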



There were a few comments about using IP=$(curl ifconfig.me) instead.


Here is the iptables firewall script I also found:



(They say it must not be copied to temp after each reboot.) It is now possible to prevent IP leaks with iptables:

Create a file called firewall-start with:

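#!/bin/sh
# firewall-start: force LAN traffic (br0) out through the VPN tunnel (tun11)
# and never directly out of eth0.
#
# This script is re-run every time the firmware restarts its firewall, so a
# plain "-I"/"-A" would stack a duplicate copy of each rule on every run.
# Every rule is therefore added only if "iptables -C" does not already find
# it; on an iptables without -C the check simply fails and the rule is added
# as before.
#
# NOTE(review): interface names are taken from the original post - presumably
# br0 is the LAN bridge, eth0 the WAN and tun11 the OpenVPN client - confirm
# against "ip link" on the router.

# Usage: rule <table> <chain> <-I|-A> <rule spec...>
rule() {
    table=$1; chain=$2; how=$3; shift 3
    iptables -t "$table" -C "$chain" "$@" 2>/dev/null || iptables -t "$table" "$how" "$chain" "$@"
}

rule filter INPUT   -I -p udp --dport 68 -j ACCEPT # DHCP client port, so the router can still get a lease
rule filter FORWARD -I -i br0 -o tun11 -j ACCEPT   # LAN -> tunnel
rule filter FORWARD -I -i tun11 -o br0 -j ACCEPT   # tunnel -> LAN
rule filter FORWARD -I -i br0 -o eth0 -j DROP      # kill switch: LAN traffic may never bypass the tunnel via eth0
rule filter INPUT   -I -i tun11 -j REJECT          # nothing arriving over the tunnel may reach the router itself
rule nat POSTROUTING -A -o tun11 -j MASQUERADE     # hide LAN addresses behind the tunnel address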


and copy it to jffs/scripts.


Are these scripts correct? Can someone take a look at them to see if they are, and if so, can they be incorporated into the firmware?
 
Here is another VPN script for a kill switch:


using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace InternetKillSwitch
{
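public partial class Form1 : Form
{
    // Address the VPN adapter is expected to have; parsed from textBox1 when
    // monitoring starts (button1) and null until then.
    private IPAddress vpnAddress;
    private bool vpnON = false;
    // Ticks of timer1 since the last check; checkVPN() runs on every sixth tick.
    private int timerCount = 0;

    public Form1()
    {
        InitializeComponent();
    }

    // Start button: parse the address, lock the input and arm the timer.
    private void button1_Click(object sender, EventArgs e)
    {
        // Validate up front. The original compared raw strings, so a typo or
        // stray whitespace could never match and always pulled the kill switch.
        if (!IPAddress.TryParse(textBox1.Text.Trim(), out vpnAddress))
        {
            MessageBox.Show("Please enter the IP address of the VPN adapter before starting.");
            return;
        }
        button2.Enabled = true;
        button1.Enabled = false;
        textBox1.Enabled = false;

        timerCount = 0;
        timer1.Start();
    }

    // Stop button: unlock the input and stop monitoring.
    private void button2_Click(object sender, EventArgs e)
    {
        // The original left timer1 running here, so "stop" kept checking and
        // could still disable every adapter afterwards.
        timer1.Stop();
        button2.Enabled = false;
        button1.Enabled = true;
        textBox1.Enabled = true;
    }

    // "Kill switch off" button: bring every adapter back up.
    private void button3_Click(object sender, EventArgs e)
    {
        SetAllAdapters("ENABLED");
        MessageBox.Show("All network adapters have been re-enabled. InternetKillSwitch is OFF.");
    }

    // Core check: if the configured VPN address is not bound on this machine,
    // disable every adapter and stop monitoring; otherwise re-arm the timer.
    private void checkVPN()
    {
        vpnON = false;
        if (vpnAddress == null)
        {
            return; // monitoring was never started through button1
        }

        vpnON = IsLocalAddress(vpnAddress);
        if (vpnON)
        {
            timer1.Start(); // check passed, schedule the next one
            return;
        }

        SetAllAdapters("DISABLED");
        MessageBox.Show("WARNING: VPN Address was NOT found. All Network Adapters have been disabled!");
        timer1.Stop();
        button2.Enabled = false;
        button1.Enabled = true;
        textBox1.Enabled = true;
    }

    // True when expected is one of this host's addresses. The lookup mirrors
    // the original Dns.GetHostEntry(Dns.GetHostName()) call; addresses are
    // compared as IPAddress values rather than by their string form.
    private static bool IsLocalAddress(IPAddress expected)
    {
        IPHostEntry host;
        try
        {
            host = Dns.GetHostEntry(Dns.GetHostName());
        }
        catch (SocketException)
        {
            // Fail closed: a kill switch that cannot verify the address must
            // treat it as absent. The original let this exception escape the
            // timer callback after timer1 had already been stopped, leaving
            // the adapters up and unmonitored.
            return false;
        }

        foreach (IPAddress ip in host.AddressList)
        {
            if (ip.Equals(expected))
            {
                return true;
            }
        }
        return false;
    }

    // Runs "netsh interface set interface <name> <state>" for every adapter.
    // netsh is launched directly instead of through "cmd.exe /c", so the
    // adapter name is passed as one quoted argument and is never re-parsed
    // by the shell; each call is awaited so the status message that follows
    // is shown only after the commands have actually run.
    // NOTE(review): changing adapter state needs an elevated process, so run
    // the app as administrator. The original "cmd /c" window closed before any
    // error could be read, which may be why re-enabling appeared not to work.
    private static void SetAllAdapters(string state)
    {
        foreach (NetworkInterface nic in NetworkInterface.GetAllNetworkInterfaces())
        {
            // A quote inside the adapter name would end the argument early.
            string name = nic.Name.Replace("\"", string.Empty);
            ProcessStartInfo psi = new ProcessStartInfo("netsh.exe",
                "interface set interface \"" + name + "\" " + state)
            {
                UseShellExecute = false,
                CreateNoWindow = true,
            };
            using (Process process = Process.Start(psi))
            {
                if (process != null)
                {
                    process.WaitForExit();
                }
            }
        }
    }

    // Fires on each timer1 interval (the interval itself is set on timer1 in
    // the designer); runs checkVPN() every sixth tick. The timer is stopped
    // first so a slow check cannot overlap the next tick; checkVPN() restarts
    // it when the check passes.
    private void timer1_Tick(object sender, EventArgs e)
    {
        timerCount++;
        if (timerCount > 5)
        {
            timer1.Stop();
            checkVPN();
            timerCount = 0;
        }
    }
}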
}


This is from http://www.codeproject.com/Tips/834749/VPN-Kill-Switch

The Code Project Open License (CPOL)


They have a desktop application as well.
 