In contrast with many other solutions, hide.me CLI does not use any sort of Linux firewalling technology (IPTables, NFTables or eBPF). Instead of relying on Linux's IP filtering frameworks, hide.me CLI selectively routes traffic by setting up a special routing table and a set of routing policy database rules. Blackhole routes in that routing table drop all traffic unless it meets one of the following conditions:
Traffic is local (loopback interfaces, local broadcasts and IPv6 link-local multicast)
DHCPv4 traffic
Traffic is explicitly allowed by means of the Split-tunneling option
Traffic is marked
Traffic is about to be tunneled
This mode of operation makes it possible for the users to establish their own firewalling policies with which hide.me CLI won't interfere.
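A way to audit a routing-based kill switch of the kind described above, as an added example that is not hide.me CLI's own code. The table number, interface name and sample `ip` output are constructed assumptions, and the real table layout may differ.

```shell
#!/bin/sh
# Audit a policy-routing kill switch: a rule must select the special table,
# and that table must end in a blackhole default route.
TABLE=4242   # hypothetical table id (placeholder, not hide.me's real value)

# Constructed sample of `ip rule show` output.
SAMPLE_RULES='0:	from all lookup local
100:	not from all fwmark 0x1234 lookup 4242
32766:	from all lookup main
32767:	from all lookup default'

# Constructed sample of `ip route show table 4242` output. Modelling
# split-tunnel exceptions as "throw" routes is an assumption of this example.
SAMPLE_ROUTES='default dev vpn0 scope link
throw 192.168.1.0/24
blackhole default metric 100'

# has_rule RULES TABLE: succeeds if some policy rule looks up TABLE.
has_rule() {
    printf '%s\n' "$1" | grep -Eq "lookup $2( |\$)"
}

# has_blackhole ROUTES: succeeds if the table carries a blackhole default.
has_blackhole() {
    printf '%s\n' "$1" | grep -Eq '^blackhole default( |$)'
}

# exceptions ROUTES: print every route that escapes the blackhole.
exceptions() {
    printf '%s\n' "$1" | awk 'NF && $1 != "blackhole"'
}

# audit RULES ROUTES TABLE: 0 = drop-by-default in place, 1 = no rule,
# 2 = no blackhole default (traffic would fall through to later rules).
audit() {
    has_rule "$1" "$3" || { echo "FAIL: no policy rule selects table $3"; return 1; }
    has_blackhole "$2" || { echo "FAIL: table $3 has no blackhole default"; return 2; }
    echo "OK: table $3 drops by default; routes that bypass the drop:"
    exceptions "$2" | sed 's/^/  /'
}

# On a live host, feed "$(ip rule show)" and "$(ip route show table "$TABLE")".
audit "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$TABLE"
```

Every route listed as bypassing the drop should map to one of the conditions above; anything else is a potential leak path worth reviewing.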