# UFW VPN KILLSWITCH TUTORIAL

This is a quick guide for setting up a killswitch using UFW (Uncomplicated FireWall). It is assumed you are using OpenVPN and optionally Network-Manager with network-manager-openvpn.

## 1. (Optional) IP Addresses

Before we can start, we're going to need the IP address (or the IP addresses) of your VPN so that we can whitelist them later on. Write them down. They are going to be different for every VPN, and a VPN with multiple servers will have several, so I'll leave this up to you.

## 2. Install & Enable UFW

On some systems UFW is installed and enabled by default (Ubuntu, for example). The installation procedure is going to be different for every distribution of GNU/Linux, but once you've got it installed, enabling it is easy (assuming you have sudo):

```
sudo ufw enable
```

## 3. Block All Traffic

Block all outgoing traffic:

```
sudo ufw default deny outgoing
```

And also block all incoming traffic:

```
sudo ufw default deny incoming
```

## 4. Make an exception for OpenVPN

It is assumed you are using TUN as a network adapter (if you're unsure, you most definitely are).

Allow outgoing traffic on tun0:

```
sudo ufw allow out on tun0 from any to any
```

And optionally allow incoming traffic on tun0 (if you're a seeder, for example):

```
sudo ufw allow in on tun0 from any to any
```

## 5. (Optional) Make an exception for your VPN

At this point you're technically done, but with this setup you would need to disable UFW every time OpenVPN needed to connect to your VPN and then re-enable UFW once it has connected. Instead of doing that, you could add the IP addresses mentioned earlier as exceptions to UFW.

To add a single IP:

```
sudo ufw allow out from any to 123.123.123.123
```

To add a range, use a mask:

```
sudo ufw allow out from any to 123.123.123.0/24
```

## 6. Check that it's working

```
sudo ufw status
```

## 7. You're done!

Congratulations, you've configured a VPN Killswitch on your GNU/Linux system!
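
The steps above collected into one script, as an added example that is not part of the original tutorial: it reads an OpenVPN client config and prints the UFW commands for steps 2 to 6 without running them. It goes beyond the tutorial's address-only rules by limiting each step 5 exception to the endpoint's port and protocol; the function names, the sample config and the 203.0.113.x addresses are assumptions made for illustration.

```bash
#!/bin/sh

# Constructed sample config (assumed for illustration); 203.0.113.0/24 is a documentation range.
sample_ovpn() {
    cat <<'EOF'
client
dev tun
proto udp
remote 203.0.113.10 1194
remote 203.0.113.11 443 tcp-client  ; TCP fallback
remote vpn.example.net
EOF
}

# Read an OpenVPN config on stdin and emit one step-5 rule per literal IPv4
# `remote`, limited to that endpoint's port and protocol. UFW rules take
# addresses, so hostname remotes are only reported for manual resolution.
vpn_endpoint_rules() {
    awk '
        { sub(/[#;].*/, "") }                  # drop config comments
        $1 == "proto"  { proto = $2 }          # config-wide protocol
        $1 == "port"   { port = $2 }           # config-wide port
        $1 == "remote" { n++; host[n] = $2; rport[n] = $3; rproto[n] = $4 }
        END {
            for (i = 1; i <= n; i++) {
                p = (rport[i] != "") ? rport[i] : (port != "" ? port : "1194")
                t = (rproto[i] != "") ? rproto[i] : proto
                t = (t ~ /^tcp/) ? "tcp" : "udp"   # OpenVPN defaults to UDP
                if (host[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                    printf "sudo ufw allow out proto %s from any to %s port %s\n", t, host[i], p
                else
                    printf "# resolve %s first, then allow %s port %s\n", host[i], t, p
            }
        }'
}

# Steps 2-6 in the tutorial's order; $1 is the tunnel device (default tun0).
killswitch_commands() {
    dev=${1:-tun0}
    echo "sudo ufw enable"
    echo "sudo ufw default deny outgoing"
    echo "sudo ufw default deny incoming"
    echo "sudo ufw allow out on $dev from any to any"
    vpn_endpoint_rules
    echo "sudo ufw status verbose"   # verbose also lists the default policies
}

# Usage: sh killswitch.sh client.ovpn   (review the output before running it)
if [ -n "${1:-}" ]; then killswitch_commands < "$1"; fi
```

Hostname remotes appear in the output as comment lines, so a config that uses only hostnames produces no endpoint exceptions until the addresses from step 1 are filled in.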