blob: 884232824c42857ca3986c7c95c29e53847d18b4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
default_device = "en99"
set block-policy drop
scrub in all
set skip on lo0
antispoof for $default_device
# block all traffic on default device
block out on $default_device all
# allow traffic to gateways
pass out on $default_device to <bitmask_gateways>
# allow traffic to local networks over the default device
pass out on $default_device to $default_device:network
# block all DNS, except to the gateways
block out proto udp to any port 53
pass out proto udp to <bitmask_gateways> port 53
|
