
I edited iptables so that when the VPN service is disconnected, no program will access the internet.

Well, I did an experiment. I disconnected the VPN service manually and immediately did a ping by issuing the following command:

sudo ping www.yahoo.com

Below are the results:

PING ds-any-fp3-real.wa1.b.yahoo.com (206.190.36.45) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- ds-any-fp3-real.wa1.b.yahoo.com ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7056ms

Was any data including geolocation information sent out from my computer and received by the destination party during the ping session?

Seth
n00b


I think you're worried about the 8 packets transmitted message.

The ping application generates packets and submits them to the kernel for processing. Those are the "transmitted" packets reported in ping statistics. When packets enter the iptables chains they can be accepted, dropped or rejected.

Ping says sendmsg: Operation not permitted because packets sent by the application were not accepted. So the answer is no, packets sent by ping didn't leave your computer.

But, as said by Alaa, you pinged www.yahoo.com and the name was successfully resolved to an address (206.190.36.45). This only happens if your computer sends a DNS query and receives a reply or if the name is in the DNS cache, which shouldn't happen by default (thanks @Alaa).

Are you sure all the traffic is blocked if VPN is disconnected? Maybe you didn't block DNS. You should only accept output traffic destined to your VPN gateway.

Eric Carvalho
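A kill-switch ruleset of the kind the answer recommends, as an added example that is not part of the original question or answer. The gateway address, port, protocol and tunnel interface name are assumed placeholders; the "leaky" variant shows how allowing DNS on every interface reproduces the symptom in the question (name resolves, ping gets EPERM), and the "strict" variant closes it.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholders are assumptions,
# not values from the page: VPN_GW/VPN_PORT/VPN_PROTO describe the VPN
# gateway (TEST-NET-3 address), VPN_IF is the tunnel interface.
VPN_GW="${VPN_GW:-203.0.113.10}"
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"
VPN_IF="${VPN_IF:-tun0}"

# vpn_rules MODE prints an iptables-restore ruleset (review it, then load
# with `iptables-restore`). MODE "leaky" is the common mistake: DNS is
# allowed out on every interface so the gateway name can be resolved, which
# is why a hostname still resolves while the VPN is down. MODE "strict"
# allows DNS only through the tunnel; off the physical interface, the only
# reachable destination is the VPN endpoint itself. Locally generated
# packets that hit the DROP policy get EPERM from sendmsg, the
# "Operation not permitted" shown in the question.
vpn_rules() {
    case "$1" in
        leaky)  dns_rule="-A OUTPUT -p udp --dport 53 -j ACCEPT" ;;
        strict) dns_rule="-A OUTPUT -o ${VPN_IF} -p udp --dport 53 -j ACCEPT" ;;
        *) echo "usage: vpn_rules leaky|strict" >&2; return 2 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${dns_rule}
-A OUTPUT -o ${VPN_IF} -j ACCEPT
-A OUTPUT -p ${VPN_PROTO} -d ${VPN_GW} --dport ${VPN_PORT} -j ACCEPT
COMMIT
EOF
}

# permits_cleartext_dns MODE: exit 0 if that ruleset accepts port-53 traffic
# without pinning it to the tunnel interface, i.e. a DNS leak is possible
# whenever the tunnel is down.
permits_cleartext_dns() {
    vpn_rules "$1" | grep -- '--dport 53 ' | grep -v -- "-o ${VPN_IF}" \
        | grep -q -- '-j ACCEPT'
}

# Stand-alone run: report which variant leaks.
for mode in leaky strict; do
    if permits_cleartext_dns "$mode"; then echo "$mode: DNS can leak"; \
    else echo "$mode: DNS confined to ${VPN_IF}"; fi
done
```

The strict variant's explicit port-53 rule is redundant with the `-o tun0` accept above it, but keeps the intent visible when auditing the ruleset.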