Struggling with Firewall settings [Openvpn + Nordvpn + Qbittorrent + ipfw]

dekisokonai (Cadet; joined Jan 4, 2022; 2 messages)
The resources I've used to get to this point:

Digimoot - TrueNAS: Add VPN Connection to a Jail (for setting up the jail, and using openvpn with a nordvpn connection, which works)
Dan Jacques - VPN Client Jail (for adding the killswitch, which is currently not working)

The Digimoot link didn't include how to set up the jail, so I just set up a basic jail with a static ip address (this could be where the problem lies, I don't know), then I followed it.

The problem:
Here is the main issue that I am having:
Starting openvpn.
root@vpn:~ # curl ifconfig.me
195.XX.XX.XXroot@vpn:~ # service openvpn stop
Stopping openvpn.
Waiting for PIDS: 42869.
root@vpn:~ # curl ifconfig.me
89.XX.XX.XXroot@vpn:~ #
While openvpn is active, it does match the IP address to the one listed in openvpn.conf, but when I stop openvpn the killswitch is supposed to go into effect.
It doesn't seem like the killswitch (ipfw.rules) is actually doing anything, so I am curious what I am doing wrong here.

Quick stupid question: why is my IP 89.xx.xx.xx in the jail, when I set the static IP for the jail as 10.xx.xx.xx? I guess it doesn't matter, but I really don't know why that's the case.

These are my ipfw.rules. I marked the changes I made in bold; otherwise I kept it exactly the same as the GitHub post, since I don't know what most of this stuff actually does.
#!/bin/sh
##
# OpenVPN Kill Switch Configuration.
#
# From:
# https://github.com/danjacques/freenasdocs
##

. /etc/network.subr

RULE_NO=1000
fwcmd="/sbin/ipfw"
add_fw() {
${fwcmd} add ${RULE_NO} $*
RULE_NO=$((${RULE_NO}+1))
}

# Flush all current rules before we start.
${fwcmd} -f flush

# Enable loopback.
add_fw allow ip from any to any via lo0

# Enable VPN traffic.
add_fw allow ip from any to any via tun*

# Internal Routing
#
# Change these addresses accordingly for your internal network and netmask.
# I changed the IP address here to the one I found under Jails --> [nameofJail] --> Expand row --> IPV4:
add_fw allow log ip from any to 10.XX.XX.XX/24 keep-state

# Allow DNS traffic.
#
# OpenVPN configs may use host names, and we'll need to look these up.
# Default route.
add_fw allow log udp from any to any dst-port 53 keep-state

# Allow traffic on OpenVPN UDP port.
#
# If you're using TCP VPN and/or a different port, update accordingly. Consult
# your OpenVPN config for details.
# I changed the port here to the one listed in openvpn.conf
add_fw allow log udp from any to any dst-port 1194 keep-state

# Cleanup rules.
RULE_NO=4000
add_fw allow ip from 127.0.0.1 to any

# VPN Network Access.
RULE_NO=5000
add_fw allow ip from 10.0.0.0/7 to any
add_fw allow ip from any to 10.0.0.0/7

# Block everything else.
RULE_NO=65534
add_fw deny log ip from any to any

I've attached my jail settings as PNGs, but (hopefully) censored the important bits. Any help here would be greatly appreciated, but meanwhile I'll just see if I can find an IPFW quickstart guide somewhere, because I've been trying to figure this out for a long time now, and I feel like I'm really close to just getting it done. In any case, thank you for giving this thing a read.

Attachments: Jail_settings01.png, Jail_settings02.png, Jail_settings03.png, Jail_settings04.png

larsh (Cadet; joined Mar 14, 2022; 1 message)
Not sure if you've already found it / fixed your issue, but I found this for ipfw:

dekisokonai (Cadet; joined Jan 4, 2022; 2 messages)
larsh said: Not sure if you've already found it / fixed your issue, but I found this for ipfw:
I have not, and I still don't know how to fix it, but I've bookmarked the link, so I'll look at it sometime during the week. Thanks!