Firewalld, how to block other interfaces and allow only vpn interface?

Hi all. I have a huge problem with firewalld and I am not a firewall expert at all. I hope someone can help me with this. I have been reading about firewalld on the internet for about 4 days and fighting with it, but nothing I try works. I use the latest EndeavourOS on my computer with the Cinnamon desktop.

It is a cool and great idea to put firewalld in the default setup of every clean install. Nice. But the small “shadow side” is how to use firewalld.

Okay, my problem is… Deluge now tells me I have a port connection problem or something. Also, I need to block one interface and allow the vpn interface. The network interfaces in my computer go something like this:

  • lo
  • enp2s0
  • tun0
  • enp2s0 must be blocked. I want to block all network connections.
  • tun0 is my vpn interface. Everything can be allowed except ssh, ftp, telnet etc. connections. Also, here is the Deluge connection problem.

I have port xxxx set up on the vpn client. This is ok, and the same port is copy-pasted into Deluge. I think the huge problem is firewalld? Before Apollo landed, my EndeavourOS setup was the same as what I am trying to explain now, except without firewalld. Everything was set up with iptables. Now the iptables rules somehow do not work with firewalld.

The problems are how to fix firewalld to work with Deluge with open ports or something, and the second problem is how I can block the other network interface (enp2s0) and allow only tun0? I am a newbie with all of this, sorry. I hope you understand what I am trying to say, and if you have a good answer for me, please write as if I am a really stupid person. It is very difficult to understand all the things I need to know.

So, if you have a little bit of extra time and you don't have any other things to do, could you please help me with this? Thank you a thousand times. I don't know how to get this working.

firewalld is excellent at blocking inbound traffic. It is very easy to use and flexible.

If you want to use it to block outbound traffic, you have to use direct rules, which are similar to iptables rules. There is an example here:

The TLDR is that there isn’t an easy push-button solution to this with firewalld.


Thanks for the help!
I can try your tip.

Something like that (I copied the rules from your link). This allows https & https if it works, and denies all other.

How do I allow vpn connections before I deny all other connections? These commands were only for http and https, and yes, I need that too.

With all those commands, I think the firewall also allows http & https connections without the vpn, on the enp2s0 interface? I don't want that. I want to close and block all incoming & outgoing connections on enp2s0 and allow only tun0 vpn connections.

Thank you.
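An added example, not part of the original thread and not taken from the linked page: a small script that prints the firewall-cmd commands for the setup asked about above, using direct rules as the answer suggests, so the VPN handshake is accepted on enp2s0 before everything else on that interface is dropped. The function names, the VPN endpoint (203.0.113.10, udp/1194) and the Deluge port (50000) are assumed placeholders; only the interface names come from the thread.

```shell
#!/bin/sh
# Added example: prints (does not run) firewall-cmd commands for a VPN-only setup.
# Review the output, then run the printed commands as root.
# Constructed placeholders: VPN endpoint 203.0.113.10 udp/1194, Deluge port 50000.

is_port() { case $1 in ''|*[!0-9]*) return 1 ;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }
is_name() { case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

killswitch_cmds() {
    lan_if=$1 vpn_if=$2 vpn_ip=$3 vpn_proto=$4 vpn_port=$5 app_port=$6
    # Refuse input that could smuggle extra shell or iptables syntax into the output.
    is_name "$lan_if" && is_name "$vpn_if" || return 1
    case $vpn_ip in ''|*[!0-9.]*) return 1 ;; esac   # loose check: digits and dots only
    case $vpn_proto in udp|tcp) ;; *) return 1 ;; esac
    is_port "$vpn_port" && is_port "$app_port" || return 1

    fw="firewall-cmd --permanent"
    # Inbound: physical NIC goes into the "drop" zone; the tunnel goes into
    # "public" with ssh removed and only the Deluge port opened.
    echo "$fw --zone=drop --change-interface=$lan_if"
    echo "$fw --zone=public --change-interface=$vpn_if"
    echo "$fw --zone=public --remove-service=ssh"
    echo "$fw --zone=public --add-port=$app_port/tcp"
    echo "$fw --zone=public --add-port=$app_port/udp"
    # Outbound: priority 0 is evaluated before priority 1, so the VPN handshake
    # is accepted first and everything else leaving the physical NIC is dropped.
    echo "$fw --direct --add-rule ipv4 filter OUTPUT 0 -o $lan_if -d $vpn_ip -p $vpn_proto --dport $vpn_port -j ACCEPT"
    echo "$fw --direct --add-rule ipv4 filter OUTPUT 1 -o $lan_if -j DROP"
    # IPv6 has its own rule set; without this rule it would bypass the tunnel.
    echo "$fw --direct --add-rule ipv6 filter OUTPUT 0 -o $lan_if -j DROP"
    echo "firewall-cmd --reload"
}

# Sample invocation with the placeholder values described above.
killswitch_cmds enp2s0 tun0 203.0.113.10 udp 1194 50000
```

If the physical interface renews a DHCP lease or the VPN client resolves its server by hostname, matching ACCEPT rules at priority 0 are needed as well. Traffic inside the tunnel is untouched because the DROP rules only match packets leaving enp2s0.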