True network sovereignty requires an absolute fail-safe. If an anomaly is detected during a routine automated scan, or if a workstation is operating on a highly compromised public network segment, you need an immediate method to sever all external connections. A “One-Touch Lockdown” is a custom bash script that clears out operational rulesets and flashes a strict, uncompromising lockdown schema directly into the Linux kernel using nftables.
The Logic of Total Severance
Many standard “kill-switches” rely on gracefully stopping background daemons or requesting network managers to drop specific links. If a system is unstable, these high-level instructions can hang or fail. An emergency lockdown script must bypass user-space applications entirely, dropping traffic directly at the netfilter hook layer within the kernel itself.
The Emergency Bash Script
Below is the technical layout for an executable shell script designed to flush current active configurations and enforce a zero-throughput perimeter:
#!/bin/bash
# Emergency Network Lockdown Script
NFT="/usr/sbin/nft"
echo "[!] Initiating immediate network lockdown..."
# 1. Flush existing rulesets to prevent conflicting overrides
$NFT flush ruleset
# 2. Re-create a clean filter table
$NFT add table inet filter
# 3. Establish absolute drop policies for all core traffic hooks
$NFT add chain inet filter input { type filter hook input priority 0 \; policy drop \; }
$NFT add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }
$NFT add chain inet filter output { type filter hook output priority 0 \; policy drop \; }
# 4. Permit loopback only (internal system stability)
$NFT add rule inet filter input iif lo accept
$NFT add rule inet filter output oif lo accept
echo "[SUCCESS] Network perimeter sealed. All external pipes closed."Deployment and Verification
For the script to remain a functional utility, it must be stored locally with absolute restricted privileges (chmod 700, owned by root) to prevent modification by standard user processes. When executed, this routine leaves the machine entirely safe, isolated, and silent—allowing you to audit logs locally without risk of remote exfiltration or continued intrusion.