I have set up firewall rules to block Deluged (a torrent client) traffic if the VPN is not running. The following rules were implemented (from this post: https://forums.comodo.com/firewall-help-cis/how-can-i-block-internet-traffic-for-specific-application-by-command-or-rules-t115919.0.html):
If your VPN connection has its own virtual network adapter and the applications are always supposed to use the VPN connection, then you can set up these rules to only allow traffic over the VPN interface and never any other interface.
Rule #1:
Allow TCP/UDP Out From VPN MAC Address to MAC Any where Source Port is Any and Destination Port is Any
Rule #2 (Optional, only use if your application needs inbound traffic, example is torrent applications):
Allow TCP/UDP In from MAC Any to VPN MAC Address where Source Port is Any and Destination Port is single port (whatever port the application is set up to listen to)
Rule #3:
Block IP IN/OUT From MAC Any to MAC Any Where Protocol is Any
Rule 1 is to allow the application to send outbound traffic via the VPN interface, and rule 2 is to allow others to establish a connection with you via the VPN interface. Rule 3 is to block any other traffic, which means the application can only ever communicate via the VPN interface. This also means that the application won’t have any internet if the VPN isn’t active. It also means you have to update the MAC addresses in the rules if you need to reinstall the adapter (like a TAP adapter, for example).
Hope that helps.
The protocol suggested by Sanya IV Litvyak works great.
However, if I try to start Deluged with the Firewall enabled, the process doesn’t start (it doesn’t even show up in task manager).
The workaround is to turn off the firewall, start and connect Deluged, and then enable the firewall again.
Why do I need to turn off the Firewall each time I want to start Deluged? Do the rules need to be modified somehow?
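To make the behaviour of the three quoted rules concrete, here is a small first-match model of them. It is an added example, not Comodo's rule engine or anything from the quoted post; the MAC addresses, the listen port and the sample packets are constructed values. It shows that with the VPN adapter's MAC in rules 1 and 2, only outbound traffic leaving over the VPN adapter and inbound traffic to the listen port on that adapter get through, that everything else (including traffic over the LAN adapter when the VPN is down) falls to the blocking rule 3, and that a reinstalled adapter with a new MAC makes rule 3 block everything until the rules are updated.

```python
"""First-match model of the three application rules quoted above.

Added example, not Comodo's own code.  Rule fields are simplified to
direction, protocol set, source MAC, destination MAC and destination
port; None stands for 'Any'.  All MACs, ports and packets are constructed
sample values.
"""
from dataclasses import dataclass
from typing import Optional, FrozenSet, List, Dict

ANY = None  # wildcard for a rule field


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" or "out"
    protocol: str             # "tcp", "udp", "icmp", ...
    src_mac: str
    dst_mac: str
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "block"
    direction: Optional[str]           # "in", "out" or ANY
    protocols: Optional[FrozenSet[str]]  # allowed protocols or ANY
    src_mac: Optional[str]
    dst_mac: Optional[str]
    dst_port: Optional[int]

    def matches(self, p: Packet) -> bool:
        return all([
            self.direction in (ANY, p.direction),
            self.protocols is ANY or p.protocol in self.protocols,
            self.src_mac in (ANY, p.src_mac),
            self.dst_mac in (ANY, p.dst_mac),
            self.dst_port in (ANY, p.dst_port),
        ])


TCP_UDP = frozenset({"tcp", "udp"})


def build_ruleset(vpn_mac: str, listen_port: int) -> List[Rule]:
    """Rules 1-3 from the quoted post, in evaluation order."""
    return [
        Rule("allow", "out", TCP_UDP, vpn_mac, ANY, ANY),         # Rule 1
        Rule("allow", "in", TCP_UDP, ANY, vpn_mac, listen_port),  # Rule 2
        Rule("block", ANY, ANY, ANY, ANY, ANY),                   # Rule 3
    ]


def verdict(rules: List[Rule], p: Packet) -> str:
    """First matching rule decides; rule 3 guarantees something matches."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "block"  # unreachable with rule 3 present; fail closed anyway


# constructed sample addresses and port
VPN_MAC = "00:ff:aa:bb:cc:01"    # the VPN (TAP) adapter
LAN_MAC = "a4:34:d9:11:22:33"    # the physical adapter
PEER_MAC = "00:ff:aa:bb:cc:02"   # gateway / remote side
LISTEN_PORT = 58846


def demo() -> Dict[str, str]:
    """Evaluate representative packets against the ruleset."""
    rules = build_ruleset(VPN_MAC, LISTEN_PORT)
    cases = {
        "out via VPN": Packet("out", "tcp", VPN_MAC, PEER_MAC, 6881),
        "out via LAN (VPN down)": Packet("out", "tcp", LAN_MAC, PEER_MAC, 6881),
        "in to listen port via VPN": Packet("in", "tcp", PEER_MAC, VPN_MAC, LISTEN_PORT),
        "in to other port via VPN": Packet("in", "tcp", PEER_MAC, VPN_MAC, 445),
        "in to listen port via LAN": Packet("in", "tcp", PEER_MAC, LAN_MAC, LISTEN_PORT),
        "icmp out via VPN": Packet("out", "icmp", VPN_MAC, PEER_MAC),
    }
    return {name: verdict(rules, p) for name, p in cases.items()}


def after_adapter_reinstall() -> str:
    """Rules still name the old MAC; the reinstalled adapter has a new one,
    so even correct VPN traffic now hits rule 3."""
    new_vpn_mac = "00:ff:aa:bb:cc:99"  # constructed
    rules = build_ruleset(VPN_MAC, LISTEN_PORT)
    return verdict(rules, Packet("out", "tcp", new_vpn_mac, PEER_MAC, 6881))


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} -> {result}")
    print(f"{'out via reinstalled adapter':28s} -> {after_adapter_reinstall()}")
```

The model only covers what the three rules say about addresses, protocols and ports; it says nothing about how Comodo handles the application before the VPN adapter exists, which is what the question above is about.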