AllowedIPs calculator for split tunnel and firewall rules


example ranges to be excluded:,,,,,,,

OpenBSD version. use with pfctl -ef FILENAME. you may wish to block all connection without port < 1023 rule.

table <ip_range> {,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, }
block return out quick proto tcp to <ip_range> port < 1023 no state

Windows PowerShell version (remove -Enabled False first)

$ips = @("", "")
New-NetFirewallRule -DisplayName "BlockoutPublicIPv4" -Enabled False -Profile Any –RemoteAddress $ips -Direction Outbound -Protocol TCP -Action Block

Linux version (unreachable can be replaced with blackhole. remove echo first)

for ip in; do
echo ip route add unreachable $ip
# optional: table 8888; then use ip rule add uidrange 0-0 table 8888 priority 32000

ufw users: ufw deny out on INTERFACE to TARGET.

社区准则 博客 联系 社区 状态