# Candidate tunnel interfaces: utun0 through utun30, used by the pass rule below.
# NOTE(review): the pass rule matches on interface name only. A tunnel that comes up
# on utun31 or higher is not covered, so the group's traffic stays blocked by this
# fragment (fail closed). Conversely, every utun device in this range is treated as
# "the tunnel", including one created by other software - confirm that is acceptable.
utunInterfaces = "{ \
utun0, utun1, utun2, utun3, utun4, utun5, utun6, utun7, utun8, utun9, utun10, \
utun11, utun12, utun13, utun14, utun15, utun16, utun17, utun18, utun19, utun20, \
utun21, utun22, utun23, utun24, utun25, utun26, utun27, utun28, utun29, utun30 \
}"

# Group name used by the `group` match in both rules below (pf matches it against
# the group owning the socket). Presumably the group hnsd is launched under -
# verify against the service configuration.
hnsdGroup=amnhnsd

# Block all outbound traffic from the handshake group.
# Without this initial block, hnsd traffic could travel outside the tunnel (we don't trust the routing table).
# `return` rejects the packet actively instead of silently dropping it.
# Neither rule uses `quick`, so pf applies the last matching rule: the pass rule
# below overrides this block only for the packets it matches.
# NOTE(review): a later matching rule loaded after this fragment would also
# override the block - check where this file is included in the ruleset.
block return out group $hnsdGroup flags any no state

# Next, poke a hole in this block, but only for traffic on the tunnel (port 13038 is the handshake control port).
# Allowed: TCP and UDP to destination ports 53 and 13038, leaving on one of the utun
# interfaces listed above. Any other port, protocol or interface stays blocked for this group.
# The rule does not restrict the destination address.
pass out on $utunInterfaces proto { tcp, udp } to port { 53, 13038 } group $hnsdGroup flags any no state