How to prevent traffic from being routed via your ISP network when the connection to the VPN server drops.
The scripts assume the VPN server is running on UDP port 1194.
Start the killswitch, /usr/local/sbin/vpn-killswitch-start
#!/bin/bash
# accept packets to/from the DHCP server
iptables -t filter -A OUTPUT -p udp --dport 67 -j ACCEPT
iptables -t filter -A INPUT -p udp --sport 67 -j ACCEPT
# inbound packets are allowed only from the VPN
# (note: the first rule matches any host sending from UDP source port 1194)
iptables -t filter -A INPUT -p udp --sport 1194 -j ACCEPT
iptables -t filter -i tun0 -A INPUT -j ACCEPT
iptables -t filter -A INPUT -j DROP
# outbound packets are allowed only to the VPN
# add one of these lines for each VPN server used
iptables -t filter -A OUTPUT -d ip.address.vpn.server -p udp --dport 1194 -j ACCEPT
iptables -t filter -o tun0 -A OUTPUT -j ACCEPT
iptables -t filter -A OUTPUT -j DROP
Stop the killswitch, /usr/local/sbin/vpn-killswitch-stop
#!/bin/bash
# flush every rule in the filter table (removes the killswitch and any other filter rules)
iptables -F
Monitor the rules and their packet counters
while true; do clear; iptables -L -v -n; sleep 1; done
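An automated counterpart to the monitor loop, as an added example (not part of the original scripts): it reads the text printed by iptables -S OUTPUT and reports any rule that lets traffic leave outside the VPN, or a missing catch-all DROP. The function name, the two sample chains and the address 203.0.113.10 (standing in for ip.address.vpn.server) are assumptions.

```shell
#!/bin/bash
# Added example: audit the OUTPUT chain built by vpn-killswitch-start.
# Input: `iptables -S OUTPUT` text on stdin. Returns 0 when the killswitch is intact.
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # placeholder for ip.address.vpn.server
VPN_PORT="${VPN_PORT:-1194}"
VPN_IF="${VPN_IF:-tun0}"

killswitch_audit() {
    rc=0; seen_drop=0; policy_drop=0
    while IFS= read -r line; do
        if [ "$seen_drop" -eq 1 ]; then continue; fi   # unreachable after the catch-all DROP
        case "$line" in
            "-P OUTPUT DROP") policy_drop=1 ;;         # a DROP policy also closes the chain
            "-A OUTPUT -j DROP") seen_drop=1 ;;
            "-A OUTPUT -o $VPN_IF -j ACCEPT") ;;       # traffic through the tunnel
            "-A OUTPUT -d $VPN_SERVER/32 -p udp -m udp --dport $VPN_PORT -j ACCEPT") ;;
            "-A OUTPUT -p udp -m udp --dport 67 -j ACCEPT") ;;   # DHCP
            "-A OUTPUT "*"-j ACCEPT")
                echo "LEAK: rule before DROP bypasses the VPN: $line"; rc=1 ;;
        esac
    done
    if [ "$seen_drop" -eq 0 ] && [ "$policy_drop" -eq 0 ]; then
        echo "LEAK: no catch-all DROP in OUTPUT"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the chain exactly as vpn-killswitch-start leaves it.
sample_ok() { cat <<EOF
-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 67 -j ACCEPT
-A OUTPUT -d $VPN_SERVER/32 -p udp -m udp --dport $VPN_PORT -j ACCEPT
-A OUTPUT -o $VPN_IF -j ACCEPT
-A OUTPUT -j DROP
EOF
}

# Constructed sample: another tool inserted a rule at the top of the chain (iptables -I).
sample_leak() { cat <<EOF
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 67 -j ACCEPT
-A OUTPUT -d $VPN_SERVER/32 -p udp -m udp --dport $VPN_PORT -j ACCEPT
-A OUTPUT -o $VPN_IF -j ACCEPT
-A OUTPUT -j DROP
EOF
}
```

On a live system, run it as root with: iptables -S OUTPUT | killswitch_audit. Jumps to user-defined chains are not followed, and IPv6 rules (ip6tables) are outside what it checks.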