# Ban non-VPN or all networking



## geek (Mar 18, 2017)

Hello.

Is there a way to force some applications to only use a VPN interface for networking, or ban all networking from them completely? Could this be done with jails? I want to use VPN "anonymously" so that my real IP, DNS requests and other such stuff are not leaked.


----------



## Handy92 (Mar 18, 2017)

Firefox yes, but for another application you must change it in a text file manually, I think. Also, a firewall can block any non-VPN connection and unlock traffic for the VPN IP, but at this moment I have no idea how to redirect all traffic via VPN.


----------



## Preetpal (Mar 27, 2017)

Just block all traffic in/out of your machine using a firewall like PF (https://www.freebsd.org/doc/handbook/firewalls-pf.html). Then only allow traffic through the VPN.

Sample for /etc/pf.conf


```
loopback_device = "lo0"
network_devices = "{ em0 wlan0 }"
tcp_pass = "{ 80 443 }"

# table containing all IP addresses assigned to the firewall
table <firewall> const { self }

# do not filter on the loopback device
set skip on lo0

scrub in all
antispoof for $network_devices

block all

# Whitelist VPN traffic out of machine below.
```

Note that you have to start and enable PF for outbound/inbound traffic to be blocked.


----------
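One way to fill in the "whitelist VPN traffic" part of the sample above, as an added example that is not part of the original posts. The tunnel interface `tun0`, the server address `203.0.113.10` (a documentation-range placeholder), and UDP port 1194 are assumptions to replace with your own values.

```pf
# Added example: VPN-only ("kill switch") rules for /etc/pf.conf.
# All values below are assumptions; adjust them to your setup.
phys_if    = "em0"            # physical interface (em0 is used in the sample above)
vpn_if     = "tun0"           # assumed name of the VPN tunnel interface
vpn_server = "203.0.113.10"   # placeholder address of the VPN endpoint
vpn_proto  = "udp"            # assumed tunnel transport
vpn_port   = "1194"           # assumed tunnel port

# Drop silently instead of answering with RST/ICMP
set block-policy drop

# Do not filter on the loopback device
set skip on lo0

scrub in all

# Default deny, both directions, IPv4 and IPv6.
# No inet6 pass rule exists below, so IPv6 cannot leak around the tunnel.
block all

# Let the physical interface obtain and renew a DHCP lease.
# Remove this rule if the address is configured statically.
pass out quick on $phys_if inet proto udp from any port 68 to any port 67 keep state

# The only other traffic allowed on the physical interface is the
# encrypted tunnel itself, to one host and one port. The server is
# given by IP so that no DNS lookup is needed outside the tunnel.
pass out quick on $phys_if inet proto $vpn_proto \
    from ($phys_if) to $vpn_server port $vpn_port keep state

# Everything else, DNS included, may leave only through the tunnel.
# If the VPN goes down, $vpn_if disappears and this traffic hits "block all".
pass out quick on $vpn_if inet all keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. A resolver in `/etc/resolv.conf` that is only reachable on the local network will stop answering under these rules, since DNS on the physical interface is blocked rather than leaked.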

