diff options
| author | Kali Kaneko (leap communications) <kali@leap.se> | 2019-07-15 18:06:29 +0200 |
|---|---|---|
| committer | Ruben Pollan <meskio@sindominio.net> | 2019-08-05 11:46:16 -0400 |
| commit | 1106467f972e6e5d6781412e999d7c44195bb2df (patch) | |
| tree | a0f72d3902407564439cfe866aeba4a03d9854bb /branding/templates/osx/bitmask.pf.conf | |
| parent | f8218b2beb8b184e7b3585f1280695ecfef040f9 (diff) | |
[feat] osx build templates
Diffstat (limited to 'branding/templates/osx/bitmask.pf.conf')
| -rw-r--r-- | branding/templates/osx/bitmask.pf.conf | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/branding/templates/osx/bitmask.pf.conf b/branding/templates/osx/bitmask.pf.conf new file mode 100644 index 0000000..8842328 --- /dev/null +++ b/branding/templates/osx/bitmask.pf.conf @@ -0,0 +1,19 @@ +default_device = "en99" + +set block-policy drop +scrub in all +set skip on lo0 +antispoof for $default_device + +# block all traffic on default device +block out on $default_device all + +# allow traffic to gateways +pass out on $default_device to <bitmask_gateways> + +# allow traffic to local networks over the default device +pass out on $default_device to $default_device:network + +# block all DNS, except to the gateways +block out proto udp to any port 53 +pass out proto udp to <bitmask_gateways> port 53 |