[feature] privileged bitmask helper

This is still quite untested, and a bit hacky, but the main idea behind let us have a daemonized bitmask helper, that should be installed by the Bitmask installer. Its responsibilities are to launch the vpn process as a privileged user, and start/stop the firewall.
author: Kali Kaneko <kali@leap.se> 2016-01-29 13:18:36 -0800
committer: Kali Kaneko <kali@leap.se> 2016-04-18 16:15:21 -0400
commit: e9e9abc4ec26be29b3a6b09e6a0b67786269183b (patch)
tree: 698ffd51104e6d391957ba25e31e88a2bbced38a /pkg/osx/bitmask.pf.conf
parent: 0bd65c1d3e6c5ee1d861122ec2cd617ad026de43 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/pkg/osx/bitmask.pf.conf b/pkg/osx/bitmask.pf.conf
new file mode 100644
index 00000000..eb0e858f
--- /dev/null
+++ b/pkg/osx/bitmask.pf.conf
@@ -0,0 +1,17 @@
+default_device = "en99"
+
+set block-policy drop
+set skip on lo0
+
+# block all traffic on default device
+block out on $default_device all
+
+# allow traffic to gateways
+pass out on $default_device to <bitmask_gateways>
+
+# allow traffic to local networks over the default device
+pass out on $default_device to $default_device:network
+
+# block all DNS, except to the gateways
+block out proto udp to any port 53
+pass out proto udp to <bitmask_gateways> port 53
author	Kali Kaneko <kali@leap.se>	2016-01-29 13:18:36 -0800
committer	Kali Kaneko <kali@leap.se>	2016-04-18 16:15:21 -0400
commit	e9e9abc4ec26be29b3a6b09e6a0b67786269183b (patch)
tree	698ffd51104e6d391957ba25e31e88a2bbced38a /pkg/osx/bitmask.pf.conf
parent	0bd65c1d3e6c5ee1d861122ec2cd617ad026de43 (diff)