How to Set Up a Kill Switch on Tomato and DD-WRT Routers

To prevent traffic from leaking outside the VPN tunnel whenever you are unexpectedly disconnected from the VPN, you have to adjust the firewall settings in the router:

For Tomato router:

  1. Log in to the router and go to Administration -> Scripts -> Firewall
  2. Add the following rule:
    iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -j DROP
  3. Save the rule and reboot the router.

For DD-WRT router:

  1. Log in to the router and go to Administration -> Commands
  2. Add the following rule:
    iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -j DROP
  3. Click on "Save Firewall" and reboot the router.

NOTE: The above firewall (iptables) rule drops all packets forwarded from the LAN bridge (br0) directly out the WAN interface, for every IP in the LAN. If the VPN is inactive or disconnected, nothing is forwarded; forwarding only works when the VPN is active.
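
To confirm after the reboot that the rule is in place and is not bypassed by an earlier ACCEPT rule, the FORWARD chain listing can be checked as in the following added example (not IronSocket's code). It assumes an iptables build that supports "iptables -S"; the interface names vlan2 and tun0 and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies a FORWARD chain listing:
#   active   - the br0 -> WAN DROP rule is the first rule that can match LAN->WAN traffic
#   shadowed - an earlier ACCEPT rule can pass LAN->WAN traffic before the DROP
#   missing  - no kill-switch rule present
#   unknown  - the WAN interface name is empty, nothing can be checked
# Negated matches ("!") are not interpreted.
killswitch_status() {
    wan="$1"    # on the router: "$(nvram get wan_iface)"
    rules="$2"  # on the router: "$(iptables -S FORWARD)"
    [ -n "$wan" ] || { echo unknown; return 0; }
    printf '%s\n' "$rules" | awk -v wan="$wan" -v lan="br0" '
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            in_if = ""; out_if = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # Skip rules that cannot match traffic from the LAN bridge to the WAN.
            if (in_if != "" && in_if != lan) next
            if (out_if != "" && out_if != wan) next
            # Only the exact, unconditional rule from this page counts as the kill switch.
            if (NF == 8 && in_if == lan && out_if == wan && target == "DROP") {
                print "active"; found = 1; exit
            }
            if (target == "ACCEPT") { print "shadowed"; found = 1; exit }
        }
        END { if (!found) print "missing" }'
}

# Constructed sample listings; vlan2 (WAN) and tun0 (VPN) are assumed names.
SAMPLE_OK='-P FORWARD ACCEPT
-A FORWARD -i br0 -o tun0 -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'

SAMPLE_SHADOWED='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP'

killswitch_status vlan2 "$SAMPLE_OK"        # kill switch is the first matching rule
killswitch_status vlan2 "$SAMPLE_SHADOWED"  # an ACCEPT rule sits above the DROP
```

On the router itself, call it as killswitch_status "$(nvram get wan_iface)" "$(iptables -S FORWARD)"; any result other than "active" means LAN traffic may still reach the WAN interface directly.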

About IronSocket

Our staff has been involved with computers since the early days of dial-up modems. We have combined experiences spanning decades working on a multitude of internet-based projects. One of our goals is to make a conscious effort to inform others about staying safe on the internet. If you ever need to reach us, leave a comment, put in a ticket, or contact us using our website's contact us form.