docker-openvpn-proxy
Optional : Block output if vpn is down
Hi, thanks for your great work on this container! Is it possible to add an option to force blocking all traffic if the VPN goes down?
From my point of view: add an environment variable to enable this feature and another one to set the VPN IP (in addition to OPENPVN_CONFIG, which looks like cn.norvpn.com.tcp.443, another one like OPENVPN_SERVER_IP=cn.nordvpn.com, for example). Once done, you need to install iptables (and dnsutils to check)
and apply these rules:
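```bash
# Allow traffic through the VPN tunnel interface
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
# Allow traffic to and from the VPN server itself so the tunnel can (re)connect
iptables -A INPUT -s "$OPENVPN_SERVER_IP" -j ACCEPT
iptables -A OUTPUT -d "$OPENVPN_SERVER_IP" -j ACCEPT
# Drop all other outbound traffic; appended last because rules match in order
iptables -A OUTPUT -j DROP
```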
Then, to check if it works:
A loop:

```bash
#!/bin/bash
# Repeatedly print the public IP address as seen by Google's name server
while true
do
  dig @ns1.google.com -t txt o-o.myaddr.l.google.com +short
done
```

and run `killall openvpn` several times; you will see that you never have a public IP other than the VPN one ...
I think it's better to add this to your project than to fork it ... what do you think about that?
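
An added example, not part of the original issue or the project's code: one way an entrypoint could build the rule set proposed above, with the DROP rule always last and only literal IPv4 addresses accepted, because iptables resolves a hostname once when the rule is added and cannot track later DNS changes. `KILL_SWITCH` and `TUN_IF` are hypothetical variable names; `OPENVPN_SERVER_IP` is the variable proposed in the issue.

```shell
#!/bin/sh
# Added example. KILL_SWITCH and TUN_IF are hypothetical names;
# OPENVPN_SERVER_IP is the variable proposed in the issue above.

# Succeed only for a dotted-quad IPv4 literal (coarse check, octet range not verified).
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the kill-switch rules, one iptables command per line.
# Usage: killswitch_rules <tun-interface> <server-ip> [<server-ip> ...]
killswitch_rules() {
    tun_if=$1
    shift
    [ "$#" -gt 0 ] || { echo "no VPN server address given" >&2; return 1; }
    # Validate everything first so a bad value never yields a partial rule set.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 literal: $ip" >&2; return 1; }
    done
    echo "iptables -A INPUT -i $tun_if -j ACCEPT"
    echo "iptables -A FORWARD -i $tun_if -j ACCEPT"
    echo "iptables -A OUTPUT -o $tun_if -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A INPUT -s $ip -j ACCEPT"
        echo "iptables -A OUTPUT -d $ip -j ACCEPT"
    done
    # Appended last: rules match in order, so the ACCEPTs above must precede it.
    echo "iptables -A OUTPUT -j DROP"
}

# Emit rules only when the (hypothetical) KILL_SWITCH toggle is "true".
# OPENVPN_SERVER_IP may hold several space-separated addresses.
killswitch_from_env() {
    [ "${KILL_SWITCH:-false}" = "true" ] || return 0
    # Word splitting of OPENVPN_SERVER_IP is intended here.
    killswitch_rules "${TUN_IF:-tun0}" $OPENVPN_SERVER_IP
}
```

In an entrypoint, resolve the server name to addresses first (for example with `dig +short`), then pipe the output of `killswitch_from_env` to `sh` as root before starting OpenVPN.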