diff --git a/Dockerfile b/Dockerfile index 958210d..8bc455c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,8 @@ ENV CONNECTION_TYPE=tcp ENV LAN_NETWORK= ENV CREATE_TUN_DEVICE= ENV OVPN_CONFIGS= +ENV ENABLE_KILL_SWITCH=true HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -L 'https://ipinfo.io' COPY startup.sh . -RUN apk add --update --no-cache openvpn wget unzip coreutils curl && chmod +x ./startup.sh +RUN apk add --update --no-cache openvpn wget unzip coreutils curl ufw && chmod +x ./startup.sh ENTRYPOINT [ "./startup.sh" ] diff --git a/README.md b/README.md index 61f763c..e410ad0 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ The container is configurable using 5 environment variables: |LAN_NETWORK|No|Lan network used to access the web ui of attached containers. Can be comma seperated for multiple subnets Comment out or leave blank: example 192.168.0.0/24| |CREATE_TUN_DEVICE|No|Creates the TUN device, useful for NAS users| |OVPN_CONFIGS|No|Manually provide the path used to read the "Surfshark_Config.zip" file (contains Surshark's OpenVPN configuration files) +|ENABLE_KILL_SWITCH|No|Enable the kill-switch functionality `SURFSHARK_USER` and `SURFSHARK_PASSWORD` are provided at [this page](https://my.surfshark.com/vpn/manual-setup/main/openvpn). diff --git a/startup.sh b/startup.sh index 1d32ca9..ef77516 100644 --- a/startup.sh +++ b/startup.sh @@ -13,15 +13,15 @@ printf "${SURFSHARK_USER}\n${SURFSHARK_PASSWORD}" > vpn-auth.txt if [ -n ${LAN_NETWORK} ] then DEFAULT_GATEWAY=$(ip -4 route list 0/0 | cut -d ' ' -f 3) - + splitSubnets=$(echo ${LAN_NETWORK} | tr "," "\n") - + for subnet in $splitSubnets - do + do ip route add "$subnet" via "${DEFAULT_GATEWAY}" dev eth0 echo Adding ip route add "$subnet" via "${DEFAULT_GATEWAY}" dev eth0 for attached container web ui access done - + echo Do not forget to expose the ports for attached container web ui access fi 
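Review bot: The new `ufw` package in the RUN line needs a working iptables backend and CAP_NET_ADMIN in the running container, and nothing in the image records that requirement next to the new `ENV ENABLE_KILL_SWITCH=true` default, which turns the firewall on for every existing deployment at the next pull. The capability is presumably already granted for the tun device OpenVPN uses, but a user who did not grant it will get an opaque ufw failure rather than a clear message. A comment above the RUN line would make the contract explicit: `# ufw drives iptables at runtime: run the container with --cap-add=NET_ADMIN (already needed for OpenVPN's tun device)`. Whether Alpine's ufw package pulls iptables in as a dependency is not visible here; if it does not, add it to the apk list.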
@@ -33,3 +33,11 @@ if [ "${CREATE_TUN_DEVICE}" = "true" ]; then fi openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS + +if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then + ufw reset + ufw default deny incoming + ufw default deny outgoing + ufw allow out on tun0 from any to any + ufw enable +fi \ No newline at end of file
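Review bot: The ufw block is placed after the foreground `openvpn` call, so it only runs once openvpn has exited — the rules are never active while the tunnel is up, unless `$OPENVPN_OPTS` happens to carry `--daemon`. Even when reached, `ufw reset` and `ufw enable` prompt for y/n confirmation and fail in a non-interactive container without `--force`, and `default deny outgoing` with only `tun0` allowed also blocks the OpenVPN handshake itself on eth0 (plus the DNS lookup of the config's `remote` hostname and the LAN_NETWORK routes added earlier in this script), so the tunnel could not reconnect after a drop. The rules should be installed before openvpn starts, with an explicit eth0 allowance for DNS and the VPN port; the port is assumed to come from the config's `remote <host> <port>` line — confirm against the Surfshark files. Whether ufw also filters IPv6 here depends on the IPV6 setting in /etc/default/ufw, which is not visible; verify it, otherwise the kill switch leaks over v6.
```shell
# … unchanged: CREATE_TUN_DEVICE block …

if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then
  # Assumes the config carries a "remote <host> <port>" line — confirm
  VPN_PORT=$(awk '/^remote /{print $3; exit}' "$VPN_FILE")
  ufw --force reset                      # reset/enable prompt y/n without --force
  ufw default deny incoming
  ufw default deny outgoing
  ufw allow out on eth0 to any port 53   # resolve the VPN hostname before tun0 exists
  ufw allow out on eth0 to any port "${VPN_PORT}" proto "${CONNECTION_TYPE}"
  ufw allow out on tun0 from any to any
  for subnet in $splitSubnets; do        # keep the LAN_NETWORK routes added above usable
    ufw allow out on eth0 to "$subnet"
  done
  ufw --force enable
fi

openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS
```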