I use a VPN for work & run applications that should only ever send the confidential data over this VPN interface. However, if the connection drops, I currently risk leaking data out as the application tries to reconnect on another interface (e.g. my home connection - not tunneled over VPN).
Allowing a user to define an interface rule would be very useful.
P.S. I've tried to implement a version of this using rules to check the source IP (and seeing if it's one assigned by the VPN server), but it doesn't appear to work (see here for a similar problem) & may not be possible if I am assigned a normal LAN address (e.g. 10.0.0.5), where the rule would still be valid if the VPN went down (as my home network uses this IP range also).