-
Notifications
You must be signed in to change notification settings - Fork 8
/
ipfw.rules
35 lines (27 loc) · 1.04 KB
/
ipfw.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#!/usr/local/bin/bash
# Config
# Set rules command prefix
cmd="ipfw -q add"
user="transmission"
localLan="192.168.0.0/16"
# Block connections by User until the vpn is ready
ipfw -q -f flush add
${cmd} 00193 deny all from any to any uid ${user}
# Get the tunnel id dynamically
vpn="$(ifconfig | grep -v "groups" | grep "tun" | cut -d ":" -f1 | tail -n 1)"
while [ -z "${vpn}" ] && [ "${try:="0"}" -le "20" ]; do
vpn="$(ifconfig | grep -v "groups" | grep "tun" | cut -d ":" -f1 | tail -n 1)"
try="$(( try + 1 ))"
sleep 3
done
# Flush out the list before we begin
ipfw -q -f flush add
# Allow all local traffic on the loopback interface
${cmd} 00001 allow all from any to any via lo0
# Allow any connection to/from VPN interface
${cmd} 00010 allow all from any to any via "${vpn[@]:="tun1"}"
# Allow connection to/from LAN by User
${cmd} 00101 allow all from me to ${localLan} uid ${user}
${cmd} 00102 allow all from ${localLan} to me uid ${user}
# Deny any User connection outside LAN that does not use VPN
${cmd} 00193 deny all from any to any uid ${user}