Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
# add group (to be used for iptables matching)
groupadd novpn
# add user to group
adduser yourusername novpn
# set iptables rules (marking packets of novpn group)
iptables -t mangle -A OUTPUT -m owner --gid-owner novpn -j MARK --set-mark 1
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
# add new routing table
echo "1 novpn.out" >> /etc/iproute2/rt_tables
# set new table (with standard interface wlan0 as default)
ip route add default dev wlan0 table novpn.out
# set new rule (matching the packets marked by iptables)
ip rule add fwmark 1 table novpn.out
# unset rp_filter (mandatory!?)
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $i; done
# start process within the group
sg novpn -c processname
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment