farhaven · December 19, 2011 13:56
diff --git a/gistfile1.txt b/gistfile1.txt
 tunnels="{ tun0 tun1 }"
 local  ="{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
 vpn    ="{ 131.234.134.198 }"
 dns    ="{ 131.234.137.23 131.234.137.24 }"

 set skip on lo

 pass

 block in on ! lo0 proto tcp to port 6000:6010
 block in on ! lo0 proto tcp to port 113

 # block traffic except to/from the VPN endpoint and tunnelled/local traffic
 block all
 pass on $tunnels

 pass to $vpn
 pass from $vpn

 pass to $dns
 pass from $dns

 pass from $local to $local
	tunnels="{ tun0 tun1 }"
	local ="{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
	vpn ="{ 131.234.134.198 }"
	dns ="{ 131.234.137.23 131.234.137.24 }"

	set skip on lo

	pass

	block in on ! lo0 proto tcp to port 6000:6010
	block in on ! lo0 proto tcp to port 113

	# block traffic except to/from the VPN endpoint and tunnelled/local traffic
	block all
	pass on $tunnels

	pass to $vpn
	pass from $vpn

	pass to $dns
	pass from $dns

	pass from $local to $local