Created
August 11, 2012 13:05
-
-
Save farhaven/3324330 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tunnels="{ tun0 }" | |
| local ="{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 131.234.0.0/16 }" # local networks, last one is UPB | |
| vpn ="{ 131.234.134.198 }" # vpn endpoint | |
| dns ="{ 131.234.137.23 8.8.4.4 }" | |
| login ="{ 131.234.5.5 172.24.6.65 }" # webauth login | |
| set skip on lo | |
| # block traffic except to/from the VPN endpoint and tunnelled/local traffic | |
| block all | |
| # anchor for network/location specific setup | |
| anchor location | |
| pass on $tunnels | |
| pass to $vpn | |
| pass from $vpn | |
| pass to $dns | |
| pass from $dns | |
| pass to $login | |
| pass from $login | |
| pass from $local to $local | |
| # explicitly block auth and X11 | |
| block in on ! lo0 proto tcp to port 6000:6010 | |
| block in on ! lo0 proto tcp to port auth |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment