diff --git a/OPENVPN_KILL_SWITCH.txt b/OPENVPN_KILL_SWITCH.txt
new file mode 100644
index 00000000..5748c03c
--- /dev/null
+++ b/OPENVPN_KILL_SWITCH.txt
@@ -0,0 +1,70 @@
+
+#RASPAP KILL SWITCH#
+#Tested on OPEN VPN#
+# ***NOTHING*** passes if openvpn tunnel drops.
+# Previously, masquerade would pass traffic if tunnel disappeared.
+# These rules stop that
+
+
+# ***** First: clear every possible user setting ******
+# Accept all traffic first to avoid ssh lockdown via iptables firewall rules #
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+
+# Flush All Iptables Chains/Firewall rules #
+iptables -F
+
+# Delete all Iptables Chains #
+iptables -X
+
+# Flush all counters too #
+iptables -Z
+# Flush and delete all nat and mangle #
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -t raw -F
+iptables -t raw -X
+
+# **** Now apply tight firewall rules
+# RASPAP relies on Masquerading - which means forwarding.
+# Do not allow any forwarded packet that doesnt travel thru a wg+ or tun+ interface
+
+# lo traffic very ok
+iptables -A INPUT -i lo -j ACCEPT
+
+#All local lan traffic ok - assumes 192.168.1.1 to 192.168.255.255
+iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
+
+#Emergency override - put your mac address here
+iptables -A INPUT -m mac --mac-source MACADDRESS -j ACCEPT
+
+#Do not allow tun to tun packets
+iptables -A FORWARD -i tun+ -o +tun+ -j DROP
+
+#Do not allow anything from TUN to hit local network - someone is probing when they do this
+iptables -A FORWARD -s 192.168.0.0/16 -i tun+ -j DROP
+
+#Very ok - tun to wlan - this is what we want
+iptables -A FORWARD -i tun+ -o wlan+ -j ACCEPT
+
+#Very ok wlan to tun
+iptables -A FORWARD -i wlan+ -o tun+ -j ACCEPT
+
+#very ok eth to tun
+iptables -A FORWARD -i eth+ -o tun+ -j ACCEPT
+
+#Very ok tun to eth
+iptables -A FORWARD -i tun+ -o eth+ -j ACCEPT
+
+#very ok - any established connection from tun to wlan
+iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+#very ok all output packets
+iptables -A OUTPUT -j ACCEPT
+
+#NAT rules (forwarding)
+iptables -A POSTROUTING -j MASQUERADE
+iptables -A POSTROUTING -o tun0 -j MASQUERADE
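Review bot: The FORWARD policy is set to ACCEPT near the top of the hunk and is never switched to DROP, so any forwarded packet that matches none of the explicit rules (for example wlan+ to eth+ once the tunnel interface is gone) is still accepted by the default policy, and the "NOTHING passes if openvpn tunnel drops" guarantee in the header comment does not hold; the same applies to INPUT, whose MAC "emergency override" rule only has a purpose against a DROP policy. Two of the rules also look ineffective as written: `-o +tun+` is not the iptables wildcard form (only a trailing `+` is a wildcard, so the tun-to-tun DROP should not match tun0), and both `-A POSTROUTING` lines omit `-t nat`, with the first one additionally masquerading on every outgoing interface instead of only tun0, which is exactly the leak the header says the file prevents. The `MACADDRESS` placeholder will make that line fail when the file is run unedited, so the comment should say it must be replaced or the line should be left commented out until it is. Before an INPUT DROP policy is set, replies to the router's own outbound connections (including the OpenVPN control channel arriving on the uplink from a non-192.168/16 address) need an established-state accept, otherwise the tunnel itself cannot come up; the policy changes belong at the end, after the accept rules, so the flush does not cut the SSH session.
```shell
# … unchanged: flush and policy-reset section, lo and LAN INPUT accepts …
#Replies to the router's own outbound connections (e.g. the OpenVPN control channel) - required before INPUT goes to DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Do not allow tun to tun packets (only a trailing + is a wildcard)
iptables -A FORWARD -i tun+ -o tun+ -j DROP
# … unchanged: remaining FORWARD and OUTPUT accept rules …
#NAT rules (forwarding) - masquerade only into the tunnel, and only in the nat table
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
#Default deny last, after the accepts above, so the kill switch actually holds when tun0 disappears
iptables -P INPUT DROP
iptables -P FORWARD DROP
```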