diff --git a/client/platforms/linux/daemon/linuxfirewall.cpp b/client/platforms/linux/daemon/linuxfirewall.cpp
index 393c24f2..96194bc7 100644
--- a/client/platforms/linux/daemon/linuxfirewall.cpp
+++ b/client/platforms/linux/daemon/linuxfirewall.cpp
@@ -196,6 +196,8 @@ QStringList LinuxFirewall::getDNSRules(const QStringList& servers)
 result << QStringLiteral("-o amn0+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
 result << QStringLiteral("-o tun0+ -d %1 -p udp --dport 53 -j ACCEPT").arg(server);
 result << QStringLiteral("-o tun0+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
+ result << QStringLiteral("-o tun2+ -d %1 -p udp --dport 53 -j ACCEPT").arg(server);
+ result << QStringLiteral("-o tun2+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
 }
 return result;
 }
@@ -277,6 +279,7 @@ void LinuxFirewall::install()
 installAnchor(Both, QStringLiteral("200.allowVPN"), {
 QStringLiteral("-o amn0+ -j ACCEPT"),
 QStringLiteral("-o tun0+ -j ACCEPT"),
+ QStringLiteral("-o tun2+ -j ACCEPT"),
 });
 installAnchor(IPv4, QStringLiteral("120.blockNets"), {});
diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp
index bb8a4182..6dd0071e 100644
--- a/ipc/ipcserver.cpp
+++ b/ipc/ipcserver.cpp
@@ -228,6 +228,8 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd
 #ifdef Q_OS_LINUX
 // double-check + ensure our firewall is installed and enabled
+ if (!LinuxFirewall::isInstalled())
+ LinuxFirewall::install();
 LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("000.allowLoopback"), true);
 LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("100.blockAll"), blockAll);
 LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), allowNets);
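Review bot: The `tun2+` pattern in the two added DNS rules of `getDNSRules` covers more than one interface: assuming these strings are handed to iptables, as the `-o … -j ACCEPT` syntax suggests, a trailing `+` matches every interface whose name begins with `tun2` (`tun2`, `tun20`, `tun2x`, …). The same applies to the `-o tun2+ -j ACCEPT` line added to `200.allowVPN` in the next hunk, where the exception covers all outbound traffic rather than only port 53. If a single device is meant, dropping the wildcard, `-o tun2 -d %1 -p udp --dport 53 -j ACCEPT`, keeps the kill-switch exception limited to that device. The existing `amn0+` and `tun0+` entries use the same convention, so the breadth may be intentional, but it deserves a comment either way. The loop and the start of the function lie outside the hunk.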
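Review bot: The set of allowed tunnel interfaces is now kept by hand in two places, the `200.allowVPN` anchor here and the per-server rules in `getDNSRules`, and nothing on the added line says which tunnel creates `tun2`. A comment such as `// tun2: <backend that creates this device>` would document the exception. A single shared list of interface patterns that both functions iterate would keep the two rule sets from drifting apart when the next interface is added. `install()` begins and ends outside the hunk.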
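Review bot: The added `LinuxFirewall::install()` call cannot report failure, since the other file in this commit shows it declared as `void LinuxFirewall::install()`. If installation does not succeed, the `setAnchorEnabled` calls that follow still run, and the kill switch may be reported as enabled without its anchors in place. Re-checking after the call, `if (!LinuxFirewall::isInstalled()) { LinuxFirewall::install(); }` followed by `if (!LinuxFirewall::isInstalled()) return false;`, would surface that case to the caller. Whether an early return fits depends on the rest of `enableKillSwitch`, which lies outside the hunk. Bracing the `if` also prevents a later second statement from silently falling outside the condition.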