killswitch: Blocks all traffic

Installed on OSX Sierra 10.12.5 but blocks all outbound traffic:

  • The first ping is across the VPN after it has been established (high latency, I know)
  • Then I enable killswitch
  • Final ICMP traffic is blocked. I have tried an IP address as well, so it is not just DNS resolution; all traffic is blocked.

$ ping google.com
PING google.com (172.217.22.174): 56 data bytes
64 bytes from 172.217.22.174: icmp_seq=0 ttl=55 time=511.271 ms
64 bytes from 172.217.22.174: icmp_seq=1 ttl=55 time=588.272 ms
64 bytes from 172.217.22.174: icmp_seq=2 ttl=55 time=436.001 ms
64 bytes from 172.217.22.174: icmp_seq=3 ttl=55 time=461.739 ms
64 bytes from 172.217.22.174: icmp_seq=4 ttl=55 time=537.670 ms
64 bytes from 172.217.22.174: icmp_seq=5 ttl=55 time=421.272 ms
^C
--- google.com ping statistics ---
7 packets transmitted, 6 packets received, 14.3% packet loss
round-trip min/avg/max/stddev = 421.272/492.704/588.272/58.845 ms

07:23 pm xxxxxx@xx-MBA ~
$ sudo killswitch -e
Interface  MAC address         IP
en0        7c:d1:c3:e6:fe:cd   192.168.18.15
utun1                          10.30.1.6

Public IP address: 5.157.7.147

PEER IP address:   5.157.7.146

To enable the kill switch run: sudo killswitch -e
To disable: sudo killswitch -d

# --------------------------------------------------------------
# Loading rules
# --------------------------------------------------------------

No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf already enabled

pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
rules cleared
nat cleared
dummynet cleared
0 tables deleted.
0 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset

No ALTQ support in kernel
ALTQ related functions disabled
block drop all
pass quick proto tcp from any to any port = 53 flags S/SA keep state
pass quick proto udp from any to any port = 53 keep state
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en0 proto tcp from any port 67:68 to any port 67:68 flags S/SA keep state
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 inet proto icmp all icmp-type echoreq code 0 keep state
pass on en0 inet proto tcp from any to 5.157.7.146 flags S/SA keep state
pass on en0 inet proto udp from any to 5.157.7.146 keep state
pass on utun1 all flags S/SA keep state

07:23 pm xxxxxx@xx-MBA ~
$ ping google.com
PING google.com (172.217.22.174): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
--- google.com ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
07:23 pm xxxxxx@xx-MBA ~
$

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 32 (11 by maintainers)

Most upvoted comments

sudo executes as the root user. I did what you asked and it outputs the user $HOME, but when I execute killswitch with sudo, look at the timestamp on the .killswitch.pf.conf file in the root $HOME - the exact time I ran killswitch -e

07:27 pm xx@xx-MBA ~
$ sudo /Users/ilium007/home.sh
/Users/ilium007
07:27 pm xx@xx-MBA ~
$
07:27 pm xx@xx-MBA ~
$
07:27 pm xx@xx-MBA ~
$
07:27 pm xx@xx-MBA ~
$ sudo su -
xx-MBA:~ root# ls -la
total 32
drwxr-x---  11 root  wheel  374 Jun  8 10:19 .
drwxr-xr-x  25 root  wheel  850 Jun  4 10:55 ..
-rw-r--r--   1 root  wheel    3 Jul 12  2016 .CFUserTextEncoding
-r--r--r--   1 root  wheel   10 Feb 26  2016 .forward
-rw-r--r--   1 root  wheel  813 Jun  8 18:26 .killswitch.pf.conf     <---------------------------
drwxr-xr-x   3 root  wheel  102 Apr 30 12:56 .oracle_jre_usage
-rw-------   1 root  wheel   42 Jun  8 10:19 .sh_history
-rw-------   1 root  wheel  919 Jun  8 10:19 .viminfo
drwx------   2 root  wheel   68 May  1 19:16 Documents
drwx------+  3 root  wheel  102 May  1 19:16 Downloads
drwx------  14 root  wheel  476 Feb 12 13:36 Library
xx-MBA:~ root# exit
logout
07:27 pm xx@xx-MBA ~
$ sudo killswitch -e
Interface  MAC address         IP
en0        7c:d1:c3:e6:fe:cd   192.168.18.15
utun3                          10.78.10.6

Public IP address: 5.153.234.11

PEER IP address:   5.153.234.10

To enable the kill switch run: sudo killswitch -e
To disable: sudo killswitch -d

# --------------------------------------------------------------
# Loading rules
# --------------------------------------------------------------
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf already enabled

pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
rules cleared
nat cleared
dummynet cleared
0 tables deleted.
14 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset

No ALTQ support in kernel
ALTQ related functions disabled
block drop all
pass quick proto tcp from any to any port = 53 flags S/SA keep state
pass quick proto udp from any to any port = 53 keep state
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en0 proto tcp from any port 67:68 to any port 67:68 flags S/SA keep state
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 inet proto icmp all icmp-type echoreq code 0 keep state
pass on en0 inet proto tcp from any to 5.153.234.10 flags S/SA keep state
pass on en0 inet proto udp from any to 5.153.234.10 keep state
pass on utun3 all flags S/SA keep state

07:28 pm xx@xx-MBA ~
$ sudo su -
xx-MBA:~ root# ls -la
total 32
drwxr-x---  11 root  wheel  374 Jun  8 10:19 .
drwxr-xr-x  25 root  wheel  850 Jun  4 10:55 ..
-rw-r--r--   1 root  wheel    3 Jul 12  2016 .CFUserTextEncoding
-r--r--r--   1 root  wheel   10 Feb 26  2016 .forward
-rw-r--r--   1 root  wheel  814 Jun  8 19:28 .killswitch.pf.conf     <---------------------------
drwxr-xr-x   3 root  wheel  102 Apr 30 12:56 .oracle_jre_usage
-rw-------   1 root  wheel   54 Jun  8 19:27 .sh_history
-rw-------   1 root  wheel  919 Jun  8 10:19 .viminfo
drwx------   2 root  wheel   68 May  1 19:16 Documents
drwx------+  3 root  wheel  102 May  1 19:16 Downloads
drwx------  14 root  wheel  476 Feb 12 13:36 Library
xx-MBA:~ root# exit
logout
07:28 pm xx@xx-MBA ~
$

Running killswitch as sudo writes the config file to the root $HOME. You can see there where I have su'd to root and listed the home dir to show timestamps.

You can see the timestamp on the ~/killswitch.pf.conf file in my user $HOME was last night.

There is nothing wrong with my ‘sudo setup’.

07:32 pm xx@BW-MBA ~
$ ls -la ~/killswitch.pf.conf
-rw-r--r--  1 ilium007  staff  749  7 Jun 23:06 /Users/ilium007/killswitch.pf.conf
07:32 pm xx@xx-MBA ~
$
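
The timestamp comparison done by hand in the comment above (listing root's home and the user's home and reading the dates on the two config files), as an added example that is not part of the original thread or the killswitch project. The function names are hypothetical; the two file names are the ones shown in the listings, and the directories checked ($HOME, root's home, the home of $SUDO_USER) are an assumption about where a copy could land.

```shell
#!/bin/sh
# Added example (not from the thread or the killswitch project).
# Function names are hypothetical; the two file names are the ones shown above.

# Resolve a user's home via tilde expansion; refuse names that are not plain logins.
home_of() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    h=$(eval "printf '%s\n' ~$1") || return 1
    case "$h" in
        /*) printf '%s\n' "$h" ;;
        *)  return 1 ;;   # unknown user: the tilde was left unexpanded
    esac
}

# Print the most recently modified killswitch pf config found in the given directories.
newest_conf() {
    newest=
    for dir in "$@"; do
        [ -n "$dir" ] || continue
        for name in .killswitch.pf.conf killswitch.pf.conf; do
            f=$dir/$name
            [ -f "$f" ] || continue
            if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
                newest=$f
            fi
        done
    done
    if [ -n "$newest" ]; then printf '%s\n' "$newest"; else return 1; fi
}

# Show what the current (possibly sudo) environment sees and which file is freshest.
conf_report() {
    printf 'HOME=%s SUDO_USER=%s\n' "$HOME" "${SUDO_USER:-<unset>}"
    newest_conf "$HOME" "$(home_of root)" "$(home_of "${SUDO_USER:-}")" ||
        echo "no killswitch pf config found"
}
```

Saved under a name of your choice (here `conf_report.sh`, a placeholder), run `. ./conf_report.sh; conf_report` as yourself and `sudo sh -c '. ./conf_report.sh; conf_report'` right after `sudo killswitch -e`; the path printed is the file that was just rewritten.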