Kill switch
How to create a VPN kill switch with UFW firewall rules that stop all internet traffic if the VPN connection drops.
Installation
pacman -Syu ufw
systemctl enable ufw
systemctl start ufw
Disable IPv6
/etc/sysctl.d/40-ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Modify UFW configuration
/etc/default/ufw
IPV6=no
Modify NetworkManager connection
nmcli connection modify enp1s0 ipv6.method "disabled"
Firewall configuration
ufw --force reset
Allow local traffic
ufw allow in to 10.0.0.0/22
ufw allow out to 10.0.0.0/22
Allow VPN tunnel traffic
ufw allow out on tun0 from any to any
ufw allow in on tun0 from any to any
Allow connection to the VPN server to establish the tunnel
ufw allow out to 185.156.175.0/24 port 1194 proto udp
Set the default policy to deny all traffic
ufw default deny outgoing
ufw default deny incoming
Enable firewall
ufw enable
ufw status verbose
Disable logging
ufw logging off
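To confirm that the finished rule set fails closed, the output of ufw status verbose can be checked mechanically. The script below is an added example, not part of the original page: the function name killswitch_audit and the sample output are constructed here, and it assumes ufw's usual To / Action / From column layout.

```shell
# Added example, not from the original page. Audits `ufw status verbose` text on stdin
# against the rules above. Assumption: ufw's usual column layout (To / Action / From).
# Prints one line per problem and returns 0 only when none is found.
killswitch_audit() {
    awk -v tun="${1:-tun0}" '
        function problem(msg) { print "PROBLEM: " msg; bad++ }
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { din = ($2 == "deny"); dout = ($4 == "deny") }
        # IPV6=no was set in /etc/default/ufw, so no (v6) rule should exist.
        /\(v6\)/    { problem("IPv6 rule present although IPv6 is disabled: " $0) }
        / ALLOW OUT / {
            split($0, col, / +ALLOW OUT +/)      # col[1] = To, col[2] = From
            # Outbound to any destination is only acceptable through the tunnel.
            if (col[1] ~ /^Anywhere/ && col[2] !~ (" on " tun "( |$)"))
                problem("outbound traffic to any host allowed outside " tun ": " $0)
        }
        END {
            if (!active) problem("ufw is not active")
            if (!din)    problem("default incoming policy is not deny")
            if (!dout)   problem("default outgoing policy is not deny")
            exit (bad > 0)
        }'
}

# Constructed sample of the output expected after the steps above.
SAMPLE_STATUS='Status: active
Logging: off
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
10.0.0.0/22                ALLOW IN    Anywhere
10.0.0.0/22                ALLOW OUT   Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
Anywhere on tun0           ALLOW IN    Anywhere
185.156.175.0/24 1194/udp  ALLOW OUT   Anywhere'

# On the real host: ufw status verbose | killswitch_audit tun0
printf '%s\n' "$SAMPLE_STATUS" | killswitch_audit tun0 && echo "sample: no leak paths found"
```

A non-zero exit status means traffic can leave outside the tunnel or a default policy is not deny; the printed PROBLEM lines name the rule or policy responsible.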