Optional : Block output if vpn is down #5

Open
slobberbone opened this issue Jan 20, 2018 · 0 comments
Hi,
Thanks for your great work on this container!
Is it possible to add an option to force-block all traffic if the VPN goes down?

From my point of view: add an environment variable to enable this feature and another one to set the VPN IP (in addition to OPENVPN_CONFIG, which looks like cn.nordvpn.com.tcp.443, another one like OPENVPN_SERVER_IP=cn.nordvpn.com, for example).
Once done, you need to install iptables (and dnsutils to check)

and apply these rules:

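# Allow traffic through the tunnel and to the VPN server first
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A INPUT -s "$OPENVPN_SERVER_IP" -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A OUTPUT -d "$OPENVPN_SERVER_IP" -j ACCEPT
# Catch-all DROP goes last: rules match in order, so appended first it would shadow the ACCEPT rules
iptables -A OUTPUT -j DROP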

Then, to check if it works:

a loop:
#!/bin/bash
# Print the public IP as seen by Google's DNS, once per second
while true
do
    dig @ns1.google.com -t txt o-o.myaddr.l.google.com +short
    sleep 1
done

and run killall openvpn several times; you will see that you never have another public IP than the VPN one...

I think it's better to add this to your project than to fork it... what do you think about that?
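Added example, not part of the original issue or of the project's code: iptables evaluates a chain top to bottom, so an ACCEPT rule that sits after an unconditional DROP never matches. The sketch below audits an `iptables -S OUTPUT` listing for that ordering; the function name `audit_output_chain`, the two sample listings and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Audit an `iptables -S OUTPUT` listing read from stdin.
# Prints one finding per line; exit status 0 means the kill switch ordering is sound.
audit_output_chain() {
    awk '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }   # chain policy line
        $1 != "-A" || $2 != "OUTPUT" { next }                # ignore other chains
        { n++ }
        # A rule with no match options drops everything that reaches it.
        NF == 4 && $3 == "-j" && $4 == "DROP" { if (!drop) drop = n; next }
        $(NF-1) == "-j" && $NF == "ACCEPT" {
            if (drop) {
                printf "shadowed: rule %d follows catch-all DROP (rule %d): %s\n", n, drop, $0
                bad++
            } else if ($0 ~ / -o tun0 /) tun = 1
        }
        END {
            if (!drop && policy != "DROP") { print "leak: traffic matching no rule is not dropped"; bad++ }
            if (!tun) { print "broken: no reachable ACCEPT for -o tun0"; bad++ }
            exit (bad > 0)
        }
    '
}

# Constructed listing: catch-all DROP appended before the ACCEPT rules.
BROKEN='-P OUTPUT ACCEPT
-A OUTPUT -j DROP
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -j ACCEPT'

# Constructed listing: ACCEPT rules first, catch-all DROP last.
FIXED='-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -j ACCEPT
-A OUTPUT -j DROP'

for name in BROKEN FIXED; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | audit_output_chain; then
        echo "$name: ok"
    else
        echo "$name: findings above"
    fi
done
```

Inside the container, the same check runs against the live chain with `iptables -S OUTPUT | audit_output_chain`.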
