confs for migration of encrypted x220

author: lemon <lemon@gobi.x220> 2022-06-12 07:11:10 +0100
committer: lemon <lemon@gobi.x220> 2022-06-12 07:11:10 +0100
commit: 5eb6d2da4d80994a6411357c7f6f866a37bf0f11 (patch)
tree: c0084840f4f58172aa2595f032a856646fa183f5 /pf.conf-x1
parent: cbb21e4896e77033dfa851d0682296ab3baf7fbb (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/pf.conf-x1 b/pf.conf-x1
new file mode 100644
index 0000000..5d09a9f
--- /dev/null
+++ b/pf.conf-x1
@@ -0,0 +1,23 @@
+#	$OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
+#
+# See pf.conf(5) and /etc/examples/pf.conf
+
+set skip on lo
+
+block return	# block stateless traffic
+pass		# establish keep-state
+
+# By default, do not permit remote connections to X11
+block return in on ! lo0 proto tcp to port 6000:6010
+
+# Port build user does not need network
+block return out log proto {tcp udp} user _pbuild
+
+# for virtual machines (faq16) and https://github.com/vext01/recipes/blob/master/recipes/debian9_inside_vmm.md
+#vm_dns=8.8.8.8
+vm_dns=192.168.1.69
+vm_ext=iwm0
+
+match out on $vm_ext from 100.64.0.0/10 to any nat-to ($vm_ext)
+pass in log (all, to pflog1) proto { udp tcp } from 100.64.0.0/10 to any port domain \
+     rdr-to $vm_dns port domain
author	lemon <lemon@gobi.x220>	2022-06-12 07:11:10 +0100
committer	lemon <lemon@gobi.x220>	2022-06-12 07:11:10 +0100
commit	5eb6d2da4d80994a6411357c7f6f866a37bf0f11 (patch)
tree	c0084840f4f58172aa2595f032a856646fa183f5 /pf.conf-x1
parent	cbb21e4896e77033dfa851d0682296ab3baf7fbb (diff)