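# Fail-closed outbound policy for the physical ("default") network device.
#
# pf evaluates rules top to bottom and, because none of them uses `quick`,
# the LAST matching rule decides what happens to a packet. The order of the
# block/pass pairs below is therefore part of the policy: do not reorder them.

# Name of the default network device.
# NOTE(review): "en99" looks like a placeholder that is substituted before the
# ruleset is loaded -- confirm against whatever loads this file.
default_device = "en99"

# Blocked packets are dropped silently (no TCP RST / ICMP unreachable is sent).
set block-policy drop
# Loopback traffic is not filtered at all.
set skip on lo0

# block all traffic on default device
block out on $default_device all

# allow traffic to gateways
# <bitmask_gateways> is not defined in this file; presumably it is created and
# filled at runtime -- verify. While the table is empty this rule matches
# nothing, so the block above stays in effect.
pass out on $default_device to <bitmask_gateways>

# allow traffic to local networks over the default device
pass out on $default_device to $default_device:network

# block all DNS, except to the gateways
# These two rules have no `on` clause, so they apply to every interface that
# is not skipped, and they come after the local-network pass so that a resolver
# on the LAN is blocked as well. Both transports are listed: DNS also runs
# over TCP port 53, and a udp-only rule would let those queries through to
# non-gateway resolvers.
block out proto { tcp, udp } to any port 53
pass out proto { tcp, udp } to <bitmask_gateways> port 53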