1

How would I set up a firewall for macOS 10.12 that would disable the internet unless I was connected to my VPN? Windscribe automatically does this through its app, but I like connecting to the VPN using macOS's built-in VPN functionality and not the app. Earlier today my VPN lost connection while I was torrenting and I got an angry email from Cox!

3
  • I have an idea, but it's also wise to use a seedbox as well as a private torrent site, because more public trackers are what gets these types of letters sent. Commented Apr 28, 2017 at 5:56
  • Seedbox? And where would I find such a private torrenting site? Commented Apr 28, 2017 at 22:03
  • I would just do a Google search; I can't really specify private torrent sites as it may be against the rules. As for a seedbox, it would allow you to use a client such as Deluge on a server not on your ISP, which then you can FTP into your server or the "seedbox" and move the files, which are encrypted, to your computer. Just google some seedbox. I recommend this provider which has seedbox clients as well as cloud and other solutions. Commented Apr 29, 2017 at 4:14

1 Answer

0

One proven solution to this is to create a blackhole route. A blackhole route is a static route which discards all traffic (the target is a 'black hole').
I am not proficient in Mac OS X, but as it is a *nix OS you can probably create static routes. The idea is to create a route to the private subnet behind your VPN (for example, to 192.168.30.0/24) with the null or bh device as target. It is important that the distance parameter of this blackhole route is set to 254 - any other route to this subnet, like the one set by your VPN software, then has a smaller distance.

As long as the VPN software is running there will be 2 routes to the target subnet; but only the less expensive one with a smaller distance will be active. This will always be the one pointing to the VPN. If the VPN software is not running only the blackhole route will stay, discarding all traffic.

On a hardware firewall or router you would in fact install blackhole routes for all private subnet address ranges in RFC1918 to cover all present and future VPNs.
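
The route selection the answer relies on, as an added example that is not part of the original answer: a small model of a routing table that picks the longest matching prefix and then the lowest distance (metric), as Linux does. The interface names `vpn0` and `en0`, the metrics 10 and 100, and the address 198.51.100.20 are constructed for illustration; only 192.168.30.0/24 and the distance 254 come from the answer.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str   # destination network in CIDR form
    target: str   # outgoing device, or "blackhole" to discard the packet
    metric: int   # the answer's "distance"; the lower value wins

def lookup(table, dst):
    """Return the route a packet to dst would take, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    # Longest prefix first; among equal prefixes the smallest metric is active.
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))

def forwards(table, dst):
    """True if the packet leaves the host, False if it is discarded or unroutable."""
    route = lookup(table, dst)
    return route is not None and route.target != "blackhole"

# Constructed sample routes (assumed names and metrics, see lead-in).
BLACKHOLE = Route("192.168.30.0/24", "blackhole", 254)  # static, always present
VPN = Route("192.168.30.0/24", "vpn0", 10)              # added by the VPN software
DEFAULT = Route("0.0.0.0/0", "en0", 100)                # normal ISP uplink

VPN_UP = [DEFAULT, BLACKHOLE, VPN]
VPN_DOWN = [DEFAULT, BLACKHOLE]   # VPN software exited and withdrew its route
NO_BLACKHOLE = [DEFAULT]          # same outage without the static route

if __name__ == "__main__":
    tables = (("vpn up", VPN_UP), ("vpn down", VPN_DOWN),
              ("vpn down, no blackhole", NO_BLACKHOLE))
    for name, table in tables:
        # One destination inside the VPN subnet, one outside it.
        for dst in ("192.168.30.7", "198.51.100.20"):
            route = lookup(table, dst)
            print(f"{name:24} {dst:15} -> {route.target} (metric {route.metric})")
```

The last table shows what the blackhole prevents: without it, traffic for the VPN subnet falls through to the default route on `en0` when the tunnel drops. Destinations outside 192.168.30.0/24 follow the default route in every table, because the blackhole only matches the prefix it was created for.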
