mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0

[Feature Request] Support configuring an existing WireGuard interface #2704

Open rkjnsn opened 3 years ago

rkjnsn commented 3 years ago

Issue report

Operating system: Linux

App version: 2021.3-dev-6f1427

Issue description

Rather than firewall and routing rules, I used network namespaces on my system (inspired by this page) to ensure most processes can't access the internet except through the VPN. This also makes it convenient to explicitly run a single program outside of the VPN when necessary (e.g., to log into a captive portal).

As such, it would be great if the Mullvad app had an advanced option only to manage an existing WireGuard interface (keys, IP address, et cetera), but not try to create one itself or set up any firewall rules. That way, I could take advantage of the app's automated server selection, key rotation, et cetera while keeping the advantages provided by network namespaces.

faern commented 3 years ago

There have been internal discussions about providing an advanced setting for disabling adding firewall rules. But this turns out to be pretty tricky. Because of the policy-based routing we do, how it interacts with fwmarks, how the firewall is used to set those, etc., it's all pretty dependent on each other.

I agree there is value in allowing advanced users to take care of most of the security by themselves while getting help with automatic server selection, key rotation, etc. We'll think about it.
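
A sketch of the kind of namespace setup the issue describes, added here as an example; it is not part of the original thread and not Mullvad's code. The namespace name, interface name, address and config path are hypothetical, and moving the tunnel into a dedicated namespace is one possible layout, not necessarily the reporter's.

```shell
#!/bin/sh
# Added example: confine processes to a WireGuard-only network namespace.
# NS, WG_IF, WG_ADDR and WG_CONF are hypothetical values, not from the issue.
NS="${NS:-vpn}"
WG_IF="${WG_IF:-wg0}"
WG_ADDR="${WG_ADDR:-10.64.0.2/32}"             # constructed sample address
WG_CONF="${WG_CONF:-/etc/wireguard/wg0.conf}"  # `wg setconf` format, no wg-quick keys
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print the commands, 0 = run them (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

netns_up() {
    run ip netns add "$NS"
    # Create the interface in the namespace that has the uplink: the encrypted
    # UDP socket stays there even after the interface itself is moved.
    run ip link add "$WG_IF" type wireguard
    run ip link set "$WG_IF" netns "$NS"
    run ip netns exec "$NS" wg setconf "$WG_IF" "$WG_CONF"
    run ip -n "$NS" addr add "$WG_ADDR" dev "$WG_IF"
    run ip -n "$NS" link set lo up
    run ip -n "$NS" link set "$WG_IF" up
    # The tunnel is the only non-loopback interface, so it is the only route out.
    run ip -n "$NS" route add default dev "$WG_IF"
}

# Reads `ip -o link` output on stdin and prints every interface that is
# neither loopback nor the tunnel; any output means traffic could bypass it.
extra_links() {
    awk -F': ' -v wg="$WG_IF" \
        '{ sub(/@.*/, "", $2); if ($2 != "lo" && $2 != wg) print $2 }'
}

netns_check() {
    ip -n "$NS" -o link show | extra_links
}

case "${1:-}" in
    up)    netns_up ;;
    check) netns_check ;;
esac
```

With `DRY_RUN=0`, a program is then started inside the namespace with `ip netns exec "$NS" <command>`, while anything launched normally stays outside the tunnel.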