#!/bin/bashtempDir='/tmp/nord'serversIpList='serversIpList'enableKillSwitc

1. #!/bin/bash
2. tempDir='/tmp/nord'
3. serversIpList='serversIpList'
4. enableKillSwitchScript='/home/goog/Documents/Enable_VPN_Kill_Switch.sh'
5. wifiInterfaceName='wlp2s0'
6. connectionProtocol='udp'
7. connectionPort='1194'
8. linkToOvpnZip='https://nordvpn.com/api/files/zip'
9. # Download new IP list
10. printf "\nCreating temporary directory"
11. mkdir $tempDir
12. printf "\nDownloading new VPN config files\n"
13. wget --directory-prefix=$tempDir $linkToOvpnZip
14. printf "\nExtracting IPs from config files"
15. unzip -q $tempDir/zip -d $tempDir
16. grep -h "remote " $tempDir/*ovpn | cut -d ' ' -f 2 | sort -u > $tempDir/$serversIpList
17. #Create script that will enable kill switch$enableKillSwitchScript
18. printf "\nCreating new Kill Switch Script"
19. rm -f $enableKillSwitchScript
20. touch $enableKillSwitchScript
21. echo "#!/bin/bash" >> $enableKillSwitchScript
22. echo "iptables --flush" >> $enableKillSwitchScript
23. echo "iptables --delete-chain" >> $enableKillSwitchScript
24. echo "iptables -t nat --flush" >> $enableKillSwitchScript
25. echo "iptables -t nat --delete-chain" >> $enableKillSwitchScript
26. echo "iptables -P OUTPUT DROP" >> $enableKillSwitchScript
27. echo "iptables -A INPUT -j ACCEPT -i lo" >> $enableKillSwitchScript
28. echo "iptables -A OUTPUT -j ACCEPT -o lo" >> $enableKillSwitchScript
29. IP_LIST=$(tr '\n' ' ' < $tempDir/$serversIpList)
30. for IP in $IP_LIST; do
31.   echo "echo 'adding rules for IP: $IP'" >> $enableKillSwitchScript
32.   echo "iptables -A OUTPUT -j ACCEPT -d $IP/27 -o $wifiInterfaceName -p $connectionProtocol -m $connectionProtocol --dport $connectionPort" >> $enableKillSwitchScript
33.   echo "iptables -A INPUT -j ACCEPT -s $IP/27 -i $wifiInterfaceName -p $connectionProtocol -m $connectionProtocol --sport $connectionPort" >> $enableKillSwitchScript
34. done
35. echo "iptables -A INPUT -j ACCEPT -i tun0" >> $enableKillSwitchScript
36. echo "iptables -A OUTPUT -j ACCEPT -o tun0" >> $enableKillSwitchScript
37. echo "iptables -A INPUT --src 192.168.0.0/24 -j ACCEPT -i $wifiInterfaceName" >> $enableKillSwitchScript
38. echo "iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT -o $wifiInterfaceName" >> $enableKillSwitchScript
39.  
40. echo "iptables -A INPUT -j DROP" >> $enableKillSwitchScript
41. echo "iptables -A OUTPUT -j DROP" >> $enableKillSwitchScript
42. echo "printf '\nVPN Kill Switch Enabled!\n'" >> $enableKillSwitchScript
43.  
44. printf "\nClening up"
45. chmod 744 $enableKillSwitchScript
46. rm -rf $tempDir
47. printf "\nDone. \nKill Switch Script is here: $enableKillSwitchScript\n"