Last active
September 25, 2023 20:00
Script to get xhyve working with all VPN interfaces
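```bash
#!/bin/bash
# Collect every utun (VPN tunnel) interface that has an IPv4 address.
interfaces=( $(netstat -in | egrep 'utun[0-9]+ .*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | cut -d ' ' -f 1) )
rulefile="rules.tmp"
# Start from an empty rule file.
echo "" > "$rulefile"
# Flush the NAT rules currently loaded in the com.apple/tun anchor.
sudo pfctl -a com.apple/tun -F nat
for i in "${interfaces[@]}"
do
    # Packets from 192.168.64.0/24 leaving via this tunnel get the tunnel's own address as source.
    RULE="nat on ${i} proto {tcp, udp, icmp} from 192.168.64.0/24 to any -> ${i}"
    echo "$RULE" >> "$rulefile"
done
# Load the generated rules into the anchor.
sudo pfctl -a com.apple/tun -f "$rulefile"
```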
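As an added example (not part of the original gist), here is the rule-generation step as a function that reads `netstat -in` output on stdin and takes the subnet for the rule's `from` clause as a parameter, so it can be checked without touching pf. The name `gen_nat_rules`, the sample interface table and the assumed column layout (interface name in column 1, address in column 4) are assumptions made for this example.

```bash
#!/bin/sh
# Added example, not part of the original gist.
# gen_nat_rules (hypothetical name) reads `netstat -in` output on stdin and
# prints one pf NAT rule per utun interface that is up and has an IPv4 address.
# $1 is the source subnet for the rule's "from" clause (default: the gist's
# 192.168.64.0/24). Assumed column layout: name in column 1, address in column 4.
gen_nat_rules() {
  src="${1:-192.168.64.0/24}"
  # The subnet is pasted into pf syntax, so accept only digits, dots and a slash...
  case "$src" in
    *[!0-9./]*) echo "invalid source subnet: $src" >&2; return 1 ;;
  esac
  # ...in the shape a.b.c.d/len with len between 0 and 32.
  printf '%s\n' "$src" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || {
      echo "invalid source subnet: $src" >&2; return 1; }
  awk -v src="$src" '
    # utun10 and above match too; names ending in "*" (interface down) do not.
    $1 ~ /^utun[0-9]+$/ && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$1]++ {
      printf "nat on %s proto {tcp, udp, icmp} from %s to any -> %s\n", $1, src, $1
    }'
}

# Constructed sample of `netstat -in` output (not captured from a real host).
SAMPLE_NETSTAT='Name    Mtu   Network       Address       Ipkts Ierrs Opkts Oerrs Coll
lo0     16384 127           127.0.0.1      5000     -  5000     -    -
en0     1500  192.168.1     192.168.1.10   9000     -  8000     -    -
utun0   1380  <Link#15>                       0     0     2     0    0
utun0   1380  fe80::1%utun0 fe80:f::1         0     -     2     -    -
utun2   1400  <Link#17>                     120     0   130     0    0
utun2   1400  10.8.0.6      10.8.0.6        120     -   130     -    -
utun10  1400  172.16.5      172.16.5.2       10     -    12     -    -
utun3*  1400  10.9.0.2      10.9.0.2          0     -     0     -    -'

# Demo on the constructed sample. On macOS the real pipeline would be:
#   netstat -in | gen_nat_rules 192.168.64.0/24 > rules.tmp
#   sudo pfctl -n -a com.apple/tun -f rules.tmp   # -n: parse only, load nothing
printf '%s\n' "$SAMPLE_NETSTAT" | gen_nat_rules
```

Only `utun2` and `utun10` produce rules for the sample: `utun0` has no IPv4 address and `utun3*` is down.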
I tried this under macOS 10.5.5 Catalina and also get this "No ALTQ support in kernel" message.
Unfortunately, @clemcke's tip is also not working under this version.
I also have a question about the rule itself:
What exactly is it doing?
What does this 192.168.64.0/24 mean?
I need a way to prevent calls to a remote network that I'm connected to over a Pulse Secure VPN client for a specific IP range (10.211.55.0/24).
Would this script do this for me (if it worked in general) if I changed the "192.168.64.0/24" part to "10.211.55.0/24"?
Or does this work the other way around, so that only IPs in the range 192.168.64.0/24 get routed to the remote net?
@hayderimran7 Your script is not working bc it is missing the anchor "tun". Follow this guide to add it.
https://apple.stackexchange.com/questions/312400/pfctl-howto-add-an-anchor-and-make-it-active-load-it