Last active
August 7, 2018 03:24
-
-
Save whoamiTM/1da44230a6e7fdc21e39bebd43383318 to your computer and use it in GitHub Desktop.
PF Firewall Rules For MacOS | VPN Kill Switch | Use with killswitch.pf.command | mv killswitch.pf.conf ~/Documents/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int_en1 = "en0" | |
| vpn_utun1 = "tap0" | |
| vpn_ip = "55.55.55.55" | |
| set block-policy drop | |
| set ruleset-optimization basic | |
| set skip on lo0 | |
| block all | |
| block out inet6 | |
| # dns | |
| pass quick proto {tcp, udp} from any to any port 53 keep state | |
| # Allow broadcasts on internal interface | |
| pass from any to 255.255.255.255 keep state | |
| pass from 255.255.255.255 to any keep state | |
| # Allow multicast | |
| pass proto udp from any to 224.0.0.0/4 keep state | |
| pass proto udp from 224.0.0.0/4 to any keep state | |
| # Allow ping | |
| pass on $int_en1 inet proto icmp all icmp-type 8 code 0 keep state | |
| # Allow dhcp | |
| pass on $int_en1 proto {tcp,udp} from any port 67:68 to any port 67:68 keep state | |
| # use only the vpn | |
| pass on $int_en1 proto {tcp, udp} from any to $vpn_ip | |
| pass on $vpn_utun1 all |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment