Seeding with firewall vpn killswitch

[eightytwo20]

Hey guys, just want to make sure I'm not an idiot.

I have a vpn kill switch that I've made in UFW on Mint. It basically involves:

Denying all incoming and outgoing by default
Allowing in and out on my local network
Allowing out to tun0
Allowing out to the VPN server ip

If I only allow out to the vpn server, does that block any uploading/seeding? I still want/need to be able to seed so it's important. If I do need to allow in, is there a way I can keep my security?

Cheers

[boomclick]

yes. in firewall settings, you can add a rule to allow incoming connections only to deluge (deluge torrent in firewall list) or allow incoming connections only to the port that deluge uses.

[eightytwo20]

yes. in firewall settings, you can add a rule to allow incoming connections only to deluge (deluge torrent in firewall list) or allow incoming connections only to the port that deluge uses.

Okay fair enough, does that retain my security though? Would my IP be leaked that way?

[boomclick]

if you stay stable and updated, you should be fairly safe. security is relative, and someone could always discover a flaw in deluge or libtorrent or your vpn protocol. as to leaking ip address, that seems exclusively related to your vpn protocol and vpn provider. i wouldn't worry about it if your vpn is solid, but there isn't a simple yes or no answer.

[eightytwo20]

Thanks for your response, but not exactly what I mean. I just mean, conceptually, if I have all connections blocked off except for outgoing to my VPN server, and then set an "allow incoming" for Deluge, does the incoming still route through my VPN or does it run through my native connection?

[boomclick]

it should work if you specify the allow incoming to only work on the tun0 interface. both ufw and gufw allow this option with a little configuration.

[eightytwo20]

Fantastic, thanks for your help