#	$OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return	# block stateless traffic
pass		# establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

dns_server=192.168.1.69
match out on egress from vether0:network to any nat-to (egress)
pass in proto { udp tcp } from vether0:network to any port domain \
	rdr-to $dns_server port domain