#	$OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

# Disable all filtering on the "lo" interface group (loopback traffic).
set skip on lo

# Default policy. pf applies the LAST matching rule, so the bare "pass"
# below overrides the "block return" above it for every packet that no later
# rule matches. The effective default is therefore allow, in both directions
# and on every non-loopback interface; inbound connections to local services
# are permitted unless a later rule blocks them.
# "block return" answers with a TCP RST / ICMP unreachable rather than
# dropping silently.
block return	# block stateless traffic
pass		# establish keep-state

# By default, do not permit remote connections to X11
# (inbound TCP to ports 6000-6010 on any interface other than lo0).
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
# Outbound TCP/UDP from sockets owned by _pbuild is rejected and logged;
# "log" with no options writes to the default pflog interface.
block return out log proto {tcp udp} user _pbuild

# for virtual machines (faq16) and https://github.com/vext01/recipes/blob/master/recipes/debian9_inside_vmm.md
# vm_dns: resolver that guest DNS queries are redirected to (see the rdr-to
#         rule below). The active value is a private (RFC 1918) address; the
#         commented-out alternative is a public resolver.
# vm_ext: interface that guest traffic is NATed out of.
#vm_dns=8.8.8.8
vm_dns=192.168.1.69
vm_ext=iwm0

# Source-NAT guest traffic leaving $vm_ext to that interface's address. The
# parentheses make pf follow the interface's current address if it changes.
# "match" only applies the translation; it does not pass or block anything.
# NOTE(review): nothing in this file restricts where guests may connect, so
# NATed guest traffic appears to be allowed by the default "pass" rule and
# can reach hosts on the local network as well as the internet - confirm
# that is intended.
match out on $vm_ext from 100.64.0.0/10 to any nat-to ($vm_ext)
# Redirect every DNS query (TCP or UDP, port "domain") from 100.64.0.0/10 to
# $vm_dns, whatever destination the guest asked for. "log (all, to pflog1)"
# logs every packet of the connection, not only the first, to pflog1.
# NOTE(review): the rule has no "on <interface>" clause, so it matches any
# inbound packet whose source address is in 100.64.0.0/10 on any interface,
# not only on the VM-facing ones - confirm, or bind it to those interfaces.
# NOTE(review): pflog1 is not created by this file; it presumably has to
# exist before the ruleset is loaded - verify.
pass in log (all, to pflog1) proto { udp tcp } from 100.64.0.0/10 to any port domain \
     rdr-to $vm_dns port domain