Last active
October 13, 2022 03:15
-
-
Save williewillus/d46515cebc6a0be1533eca2e58bf5432 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| inet <public-ip-1> 255.255.254.0 NONE | |
| inet alias <public-ip-2> 255.255.255.255 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wgkey redacted wgport 51820 | |
| inet 10.0.0.1 255.255.255.0 | |
| wgpeer redacted \ | |
| wgaip 10.0.0.2/32 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768 | |
| index 3 priority 0 llprio 3 | |
| groups: lo | |
| inet6 ::1 prefixlen 128 | |
| inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 | |
| inet 127.0.0.1 netmask 0xff000000 | |
| vio0: flags=608843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6,INET6_NOSOII> mtu 1500 | |
| lladdr 56:00:01:d9:1d:60 | |
| index 1 priority 0 llprio 3 | |
| groups: egress | |
| media: Ethernet autoselect | |
| status: active | |
| inet <public-addr-1> netmask 0xfffffe00 broadcast .... | |
| inet <public-addr-2> netmask 0xffffffff | |
| inet6 fe80::5400:1ff:fed9:1d60%vio0 prefixlen 64 scopeid 0x1 | |
| enc0: flags=0<> | |
| index 2 priority 0 llprio 3 | |
| groups: enc | |
| status: active | |
| wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420 | |
| index 4 priority 0 llprio 3 | |
| wgport 51820 | |
| groups: wg | |
| inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 | |
| pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136 | |
| index 5 priority 0 llprio 3 | |
| groups: pflog |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $ | |
| # | |
| # See pf.conf(5) and /etc/examples/pf.conf | |
| set skip on lo | |
| block return # block stateless traffic | |
| pass # establish keep-state | |
| # By default, do not permit remote connections to X11 | |
| block return in on ! lo0 proto tcp to port 6000:6010 | |
| # Port build user does not need network | |
| block return out log proto {tcp udp} user _pbuild | |
| # Allow wg peers to connect | |
| pass in on egress proto udp from any to any port 51820 | |
| set skip on wg0 | |
| # Binat to NAS | |
| pass from 10.0.0.2 binat-to <public-ip-2> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| block return all | |
| pass all flags S/SA | |
| block return in on ! lo0 proto tcp from any to any port 6000:6010 | |
| block return out log proto tcp all user = 55 | |
| block return out log proto udp all user = 55 | |
| pass in on egress proto udp from any to any port = 51820 | |
| pass out inet from 10.0.0.2 to any flags S/SA nat-to <public-addr-2> static-port | |
| pass in inet from any to <public-addr-2> flags S/SA rdr-to 10.0.0.2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment