Apologies for the necro-post, but I thought I'd share my solution. I'm an old-skool Unix guy, and I don't trust myself to manually edit a bazillion files for fear I might miss something, so I put a script in startup:
route add default reject
So there is a default gateway of reject; usually the DHCP client won't override it. But I am ultra paranoid, so I also:
route add -net 0.0.0.0 netmask 128.0.0.0 reject
route add -net 128.0.0.0 netmask 128.0.0.0 reject
These are not "default" routes so they won't be replaced, and they are more specific than a default route so they take precedence. When you join local WiFi, that network is directly connected (and more specific) so local communication is still allowed.
This solution has worked flawlessly for me on many platforms over the years...
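The route precedence this post relies on, as an added example that is not part of the original post: a small Python longest-prefix-match model of the three reject routes, showing what happens if a DHCP client does replace the default route. The 192.168.1.0/24 Wi-Fi subnet, the 192.168.1.1 gateway and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table modelling the post's setup. The Wi-Fi subnet and
# gateway address are assumed sample values, not taken from the post.
ROUTES = [
    ("0.0.0.0/0", "reject"),          # route add default reject
    ("0.0.0.0/1", "reject"),          # route add -net 0.0.0.0 netmask 128.0.0.0 reject
    ("128.0.0.0/1", "reject"),        # route add -net 128.0.0.0 netmask 128.0.0.0 reject
    ("192.168.1.0/24", "connected"),  # installed when the Wi-Fi interface comes up
]
DHCP_DEFAULT = ("0.0.0.0/0", "via 192.168.1.1")  # what a DHCP client might install


def lookup(table, dst):
    """Return the action of the longest-prefix route that matches dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, action in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return best[1] if best else "unreachable"


def with_dhcp_override(table):
    """Model a DHCP client replacing the default route; the /1 routes stay."""
    return [DHCP_DEFAULT if p == "0.0.0.0/0" else (p, a) for p, a in table]


def without_halves(table):
    """The same table minus the two /1 reject routes, for comparison."""
    return [(p, a) for p, a in table if not p.endswith("/1")]


if __name__ == "__main__":
    overridden = with_dhcp_override(ROUTES)
    for dst in ("192.168.1.50", "8.8.8.8", "203.0.113.7"):
        print(f"{dst:15} with /1 rejects: {lookup(overridden, dst):10} "
              f"default only: {lookup(without_halves(overridden), dst)}")
```

With the two /1 routes in place, off-link destinations still resolve to reject after the default route is replaced, while the directly connected /24 keeps winning for local addresses.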