Created January 24, 2015 14:33
OS X pf rules that block all incoming and outgoing traffic except what is routed through the (Open)VPN connection.
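```
# Options
set block-policy drop              # drop blocked packets silently instead of answering
set fingerprints "/etc/pf.os"
set ruleset-optimization basic
set skip on lo0                    # do not filter loopback traffic

# Normalization
# Scrub incoming packets
scrub in all no-df

# Queueing

# Translation

# Filtering
# Antispoof
antispoof log quick for { lo0 en0 en2 }

# Allow only the OpenVPN connection itself (UDP or TCP port 1194) out of the physical interfaces.
# VPN_SERVER_IP is a placeholder: replace it with the address of the VPN server.
pass out quick on {en0, en1, en2} inet proto udp from any to VPN_SERVER_IP/32 port 1194 keep state
pass out quick on {en0, en1, en2} inet proto tcp from any to VPN_SERVER_IP/32 port 1194 keep state

# Block by default
# Everything else on the physical interfaces is dropped and logged. The VPN tunnel
# interface is not listed here, so traffic through the tunnel is not blocked by these rules.
block in log on {en0, en1, en2}
block out log on {en0, en1, en2}
```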
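The ruleset cannot be loaded until the `VPN_SERVER_IP` placeholder is replaced with a real address. The script below is an added example, not part of the gist: it validates the address, renders the template and runs a parse-only check with `pfctl -n` before anything is loaded. The script name, its three arguments and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names and arguments are assumptions.

# Succeed only for a dotted-quad IPv4 address: four octets, each 0-255,
# no leading zeros (some parsers read those as octal).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case "$octet" in
            ''|????*|0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Read the ruleset template on stdin and print it with the
# VPN_SERVER_IP placeholder replaced by the validated address in $1.
render_rules() {
    if ! is_ipv4 "$1"; then
        echo "not an IPv4 address: $1" >&2
        return 1
    fi
    sed "s/VPN_SERVER_IP/$1/g"
}

# Usage: sh render-pf.sh <vpn-server-ipv4> <template> <output>
if [ "$#" -eq 3 ]; then
    render_rules "$1" < "$2" > "$3" || exit 1
    # -n parses the file without loading it, so a typo cannot
    # replace the running ruleset with a broken one.
    pfctl -nf "$3" || exit 1
    echo "syntax ok; load and enable with: pfctl -ef $3"
fi
```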