killswitch: Blocks all traffic
Installed on OSX Sierra 10.12.5 but blocks all outbound traffic:
- The first ping is across the VPN after it has been established (high latency I know)
- Then I enable killswitch
- Final ICMP traffic is blocked. I have tried an IP address as well, so it is not just DNS resolution; all traffic is blocked.
```
$ ping google.com
PING google.com (172.217.22.174): 56 data bytes
64 bytes from 172.217.22.174: icmp_seq=0 ttl=55 time=511.271 ms
64 bytes from 172.217.22.174: icmp_seq=1 ttl=55 time=588.272 ms
64 bytes from 172.217.22.174: icmp_seq=2 ttl=55 time=436.001 ms
64 bytes from 172.217.22.174: icmp_seq=3 ttl=55 time=461.739 ms
64 bytes from 172.217.22.174: icmp_seq=4 ttl=55 time=537.670 ms
64 bytes from 172.217.22.174: icmp_seq=5 ttl=55 time=421.272 ms
^C
--- google.com ping statistics ---
7 packets transmitted, 6 packets received, 14.3% packet loss
round-trip min/avg/max/stddev = 421.272/492.704/588.272/58.845 ms
07:23 pm xxxxxx@xx-MBA ~
$ sudo killswitch -e
Interface  MAC address        IP
en0        7c:d1:c3:e6:fe:cd  192.168.18.15
utun1                         10.30.1.6
Public IP address: 5.157.7.147
PEER IP address: 5.157.7.146
To enable the kill switch run: sudo killswitch -e
To disable: sudo killswitch -d
# --------------------------------------------------------------
# Loading rules
# --------------------------------------------------------------
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf already enabled
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
rules cleared
nat cleared
dummynet cleared
0 tables deleted.
0 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset
No ALTQ support in kernel
ALTQ related functions disabled
block drop all
pass quick proto tcp from any to any port = 53 flags S/SA keep state
pass quick proto udp from any to any port = 53 keep state
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en0 proto tcp from any port 67:68 to any port 67:68 flags S/SA keep state
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 inet proto icmp all icmp-type echoreq code 0 keep state
pass on en0 inet proto tcp from any to 5.157.7.146 flags S/SA keep state
pass on en0 inet proto udp from any to 5.157.7.146 keep state
pass on utun1 all flags S/SA keep state
07:23 pm xxxxxx@xx-MBA ~
$ ping google.com
PING google.com (172.217.22.174): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
--- google.com ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
07:23 pm xxxxxx@xx-MBA ~
$
```
About this issue
- State: closed
- Created 7 years ago
- Comments: 32 (11 by maintainers)
sudo executes as the root user. I did what you asked and it outputs the user $HOME, but when I execute killswitch with sudo, look at the timestamp on the `.killswitch.pf.conf` file in the root $HOME - the exact time I ran `killswitch -e`.

Running killswitch as sudo writes the config file to the root $HOME. You can see there where I have su to root and listed the home dir to show time stamps.

You can see the timestamp on the `~/killswitch.pf.conf` file in my user $HOME was last night.

There is nothing wrong with my ‘sudo setup’.