Skip to content

Some notes on Ubuntu Desktop Security

Jump to bottom
Andy Bond edited this page Mar 4, 2020 · 3 revisions

abStartupManager's aim is to ensure VPN Connectivity is maintained; however additional measures are needed to ensure more complete protection

DNS Leaks

To protect against DNS Leaks use DNS servers provided by your VPN Provider

This can be done like this...(Ubuntu Desktop, Setup Static Address)

  1. Select '''Settings > Network''' then click the Gear Icon next to '''Wired'''
  2. in the IPv4 tab set
  • IPV4 Method to Manual
  • Address to 192.168.1.113 (eg, as required)
  • Netmask to 255.255.255.0, and
  • Gateway to 192.168.1.1 (eg: Address of router)
  • DNS to 103.86.96.100, 103.86.99.100 (eg: NordVPN DNS Servers)

Killswitch using IPTABLES

Killswitch using IPTABLES can be achieved by running the script (below). This script also installs ''iptables-persistent'' and ''netfilter-persistent'' to ensure that IPTABLES config is maintained between reboots.

The script requires sudo rights

#!/bin/bash
echo ''
echo 'Installing firewall'
echo '==================='
#Allow loopback device (internal communication)
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT

#Allow all local traffic.
sudo iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT

#Allow VPN establishment
sudo iptables -A OUTPUT -p udp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p udp --sport 1194 -j ACCEPT
#Uncomment next two lines to enable VPN via TCP
#sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
#sudo iptables -A INPUT -p tcp --sport 443 -j ACCEPT

#Accept all TUN connections (tun = VPN tunnel)
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i tun+ -j ACCEPT

#Set default policies to drop all communication unless specifically allowed
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP
sudo iptables -P FORWARD DROP

#Save the configuration
sudo iptables-save > /etc/iptables/rules.v4
sudo ip6tables-save > /etc/iptables/rules.v6

#Setup persistance
sudo apt install iptables-persistent netfilter-persistent

After performing the above configuration the Ubuntu PC will only be able to connect to the internet through the VPN connection and will be able to access local network.

Clone this wiki locally