How to implement a VPN kill switch programmatically in macOS
I want to implement a VPN kill switch programmatically. I can enable and disable pf manually from the terminal, but I can't do it from my app. For this I loaded a pf.conf file with these rules:

"block drop all\n"
"pass inet proto udp from any to 224.0.0.0/4 keep state\n"
"pass inet proto udp from 224.0.0.0/4 to any keep state\n"
"pass inet from any to 255.255.255.255 flags S/SA keep state\n"
"pass inet from 255.255.255.255 to any flags S/SA keep state\n"
"pass on $active_interface proto tcp from any port 67:68 to any port 67:68 flags S/SA keep state\n"
"pass on $active_interface proto udp from any port 67:68 to any port 67:68 keep state\n"
"pass on $active_interface inet proto tcp from any to 109.201.137.13 flags S/SA keep state\n"
"pass on $active_interface inet proto udp from any to 109.201.137.13 keep state\n"
"pass on $VPN_interface all flags S/SA keep state\n"

It works fine with "sudo pfctl -e" and "sudo pfctl -d" when the VPN is connected. If the VPN is disconnected, traffic will be blocked and the user has to either connect to the VPN or disable the kill switch to get traffic again.

To execute the commands from the Mac app I used a privileged helper tool, and I am getting 'PF enabled' and 'PF disabled' in the console, matching the pf commands. But the traffic is blocked all the time. I am using Swift for development.

I have been struggling with this for a week. Please help, anyone, ASAP. Any help will be appreciated. Thanks in advance.
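The procedure described in the post, written out as a root-side script; this is an added example, not the poster's code. It renders the posted rules with their pf macros defined, parse-checks them before loading, and adds a `show` mode that prints what pf actually has loaded. The interface names `en0` and `utun0` and all function and variable names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values (not from the post): en0, utun0.
ACTIVE_IF="${ACTIVE_IF:-en0}"                # physical interface (assumption)
VPN_IF="${VPN_IF:-utun0}"                    # tunnel interface (assumption)
VPN_SERVER="${VPN_SERVER:-109.201.137.13}"   # server address used in the post

# A root helper must not paste caller-supplied text into a ruleset unchecked.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the post's rules, preceded by the pf macro definitions they rely on.
render_rules() {
    cat <<EOF
active_interface = "$ACTIVE_IF"
VPN_interface = "$VPN_IF"
block drop all
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on \$active_interface proto tcp from any port 67:68 to any port 67:68 flags S/SA keep state
pass on \$active_interface proto udp from any port 67:68 to any port 67:68 keep state
pass on \$active_interface inet proto tcp from any to $VPN_SERVER flags S/SA keep state
pass on \$active_interface inet proto udp from any to $VPN_SERVER keep state
pass on \$VPN_interface all flags S/SA keep state
EOF
}

killswitch_on() {
    valid_ifname "$ACTIVE_IF" && valid_ifname "$VPN_IF" || return 1
    case "$VPN_SERVER" in ''|*[!0-9.]*) return 1 ;; esac
    render_rules | pfctl -n -f - || return 1   # parse only; nothing is loaded
    render_rules | pfctl -f - || return 1      # replace the active ruleset
    pfctl -e 2>/dev/null                       # may fail if pf is already on
    pfctl -s info | grep -q 'Status: Enabled'
}

killswitch_off() { pfctl -d; }                 # same command the post uses

case "${1:-}" in
    on)   killswitch_on ;;
    off)  killswitch_off ;;
    show) pfctl -s info; pfctl -s rules ;;     # what pf actually has loaded
esac
```

Run as root with `on`, `off` or `show`; comparing the `show` output after the helper runs with the output after the manual commands shows whether both paths loaded the same ruleset.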