From 0304f70c35ae3fa67de688d4c2b9166595e0ee29 Mon Sep 17 00:00:00 2001
From: Matthew Faltys
Date: Wed, 5 Jul 2017 10:52:46 -0500
Subject: [PATCH] Add killswitch

---
 Makefile | 1 +
 deps/run.sh | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index b5aeb30..2c61934 100755
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,7 @@ run:
 -d \
 --name seedpod \
 --cap-add=NET_ADMIN \
+ --cap-add=NET_RAW \
 --device=/dev/net/tun \
 --dns=8.8.8.8 \
 -p 9091:9091 \
diff --git a/deps/run.sh b/deps/run.sh
index bd38125..a99eefa 100755
--- a/deps/run.sh
+++ b/deps/run.sh
@@ -1,4 +1,18 @@
 #!/bin/ash
- openvpn /config.ovpn &
- transmission-daemon --foreground --config-dir /transmission
+
+# add killswitch rules
+iptables -A INPUT -i tun+ -j ACCEPT
+iptables -A OUTPUT -o tun+ -j ACCEPT
+iptables -A INPUT -s 127.0.0.1 -j ACCEPT
+iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
+iptables -A INPUT -p tcp --dport 9091 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 9091 -j ACCEPT
+iptables -I OUTPUT 1 -m owner --uid-owner root -p udp --dport 53 -j ACCEPT
+iptables -A OUTPUT -m mark ! --mark 0x1 ! -o tun+ -j DROP
+
+# start openvpn with killswitch whitelist mark
+openvpn --mark 1 --config /config.ovpn &
+
+# start transmission
+transmission-daemon --foreground --config-dir /transmission
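Review bot: The new `--cap-add=NET_RAW` line records nothing about why the container needs it; the only consumer visible in this commit is the iptables setup that deps/run.sh now performs at start, presumably because iptables inside the container cannot run without it, and a reader of the Makefile alone cannot see that link. Since NET_RAW also widens what the container may do with the network beyond the NET_ADMIN it already had, the reason for granting it should be written down where the capability is granted. A comment cannot sit between the backslash-continued arguments without breaking the command, so place it above the `run:` target, which is outside this hunk: `# NET_ADMIN + NET_RAW: required for the iptables killswitch rules applied by deps/run.sh`.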
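Review bot: The killswitch fails open: the script runs under `#!/bin/ash` with no `set -e`, so if any of the new iptables commands fails (for example because the container lacks a capability it needs), execution still reaches the `openvpn` and `transmission-daemon` lines and both start with no DROP rule in place. Adding `set -e` directly after the shebang makes a failed rule abort the entrypoint instead, which is the behaviour a killswitch should have. Two gaps the rule set leaves should at least be stated in the `# add killswitch rules` comment so they are not mistaken for coverage: the inserted `--uid-owner root -p udp --dport 53` exception lets any root process — transmission-daemon is started here without a user switch, so it appears to run as root — send DNS queries over the non-tunnel interface, meaning name resolution is not covered by the killswitch; and only IPv4 `iptables` is configured, so if the container has IPv6 connectivity that traffic is not filtered at all (no `ip6tables` counterpart).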