avalanche

Mac Os X Maverick issue with applying firewall


Hi All,

I am trying to apply firewall rules on my Mac to prevent any leaks, but I have an issue with it. I am using this tutorial:

 

https://airvpn.org/topic/1713-win-mac-bsd-block-traffic-when-vpn-disconnects/page-2?do=findComment&comment=2532

 

I don't need any DNS services or the like, so I have removed them from the file (I use "resolve names" in the config generator). I also added the server IPs that I want to use. This is my config file:

 

block drop out inet from 192.168.0.0/16 to any
#Luxemburg
pass out quick inet from 192.168.0.0/16 to 94.242.205.234 flags S/SA keep state
#Netherlands
pass out quick inet from 192.168.0.0/16 to 95.211.186.65 flags S/SA keep state
#Romania
pass out quick inet from 192.168.0.0/16 to 109.163.230.232 flags S/SA keep state
#Sweden
pass out quick inet from 192.168.0.0/16 to 178.248.30.131 flags S/SA keep state
# Local network
pass out quick inet from 192.168.0.0/16 to 192.168.0.0/16 flags S/SA keep state
# Allow all on lo0
pass out quick inet from 127.0.0.1 to any flags S/SA keep state
# Everything tunneled
pass out quick inet from 10.0.0.0/8 to any flags S/SA keep state
 
And now I try to load those rules:
 
sudo pfctl -f pf.conf
Password:
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
 
No ALTQ support in kernel
ALTQ related functions disabled
 
And still, even when I am not connected to the VPN, I have full internet access. Am I doing something wrong? This is /etc/pf.conf:
 
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
 
Basically, what I need is a way to test rules, apply them and, preferably, simply remove them when needed. My internal IP address is 192.168.1.X; should I also change the rules to that?
Thanks in advance for help.
 
Best Regards
P.S. I have pasted the contents of the files rather than adding them as attachments, because "I am not permitted to upload file of this kind".


Hello!

 

Please make sure that your internal network is in 192.168.0.0/16, then try to add the following rules:

 

pass out quick inet from 192.168.0.0/16 to 192.168.0.0/16

pass out quick inet from any to 255.255.255.255

 

The first rule allows communications within your local network, the second rule enables DHCP discovery and negotiation.

 

Kind regards
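Added example, not code from the thread, the tutorial or AirVPN: a small Python script that builds the kill-switch rule set discussed above (the per-server exceptions from the question plus the local-network and DHCP rules from the reply) and evaluates it offline the way pf would, so the effect of a rule can be checked before anything is loaded with pfctl. It assumes the local network is 192.168.1.0/24 (the poster's 192.168.1.X) and that tunnel addresses come from 10.0.0.0/8; the server IPs are the four quoted in the question.

```python
"""Generate and dry-run a pf kill-switch rule set for OS X.

Added example, not the thread's or AirVPN's own code.  Assumptions: the LAN
is 192.168.1.0/24 (the poster's 192.168.1.X) and tunnel addresses come
from 10.0.0.0/8, as in the rules quoted in the question.
"""
import ipaddress

# Constructed input: the four AirVPN entry IPs listed in the question.
VPN_SERVERS = {
    "Luxemburg": "94.242.205.234",
    "Netherlands": "95.211.186.65",
    "Romania": "109.163.230.232",
    "Sweden": "178.248.30.131",
}
LOCAL_NET = "192.168.1.0/24"   # assumption: the poster's 192.168.1.X network
TUNNEL_NET = "10.0.0.0/8"      # assumption: address range handed out inside the tunnel


def _net(spec):
    """'any' stays 'any'; a CIDR or single host becomes an ip_network (host -> /32)."""
    return "any" if spec == "any" else ipaddress.ip_network(spec, strict=False)


def rule(action, src, dst, quick=True, comment=None):
    """One outbound IPv4 rule; action is 'block' or 'pass', src/dst 'any' or an address/CIDR."""
    return {"action": action, "quick": quick, "src": _net(src), "dst": _net(dst), "comment": comment}


def build_ruleset(servers, local_net, tunnel_net):
    """Default block first, then 'quick' exceptions: pf is last-match-wins unless
    a rule says 'quick', which ends evaluation the moment it matches."""
    rules = [rule("block", local_net, "any", quick=False,
                  comment="Default: nothing leaves the LAN address directly")]
    for name, ip in sorted(servers.items()):
        rules.append(rule("pass", local_net, ip, comment=name))      # VPN entry points
    rules.append(rule("pass", local_net, local_net, comment="Local network"))
    rules.append(rule("pass", "any", "255.255.255.255", comment="DHCP discovery (from the reply)"))
    rules.append(rule("pass", "127.0.0.0/8", "any", comment="Loopback"))
    rules.append(rule("pass", tunnel_net, "any", comment="Everything inside the tunnel"))
    return rules


def render(r):
    """pf.conf text for one rule.  No 'flags' clause on purpose: in pf, 'flags'
    restricts a rule to TCP, and a UDP tunnel would not match it."""
    words = [r["action"]]
    if r["action"] == "block":
        words.append("drop")
    words.append("out")
    if r["quick"]:
        words.append("quick")
    words += ["inet", "from", str(r["src"]), "to", str(r["dst"])]
    if r["action"] == "pass":
        words.append("keep state")
    text = " ".join(words)
    return f"# {r['comment']}\n{text}" if r["comment"] else text


def to_pf_conf(rules):
    """Whole file, ready for 'pfctl -n -f' (parse only) and then 'pfctl -f'."""
    return "\n".join(render(r) for r in rules) + "\n"


def _matches(spec, ip):
    return spec == "any" or ip in spec


def evaluate(rules, src, dst):
    """Offline check of what pf would do with one outbound packet from src to dst:
    walk the rules in order, remember the last match, stop at the first 'quick' match.
    A packet matching no rule at all passes (pf's implicit default)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict = "pass"
    for r in rules:
        if _matches(r["src"], src) and _matches(r["dst"], dst):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict


if __name__ == "__main__":
    ruleset = build_ruleset(VPN_SERVERS, LOCAL_NET, TUNNEL_NET)
    print(to_pf_conf(ruleset))
    for src, dst in [("192.168.1.10", "8.8.8.8"), ("192.168.1.10", "94.242.205.234"),
                     ("192.168.0.10", "8.8.8.8"), ("10.4.0.7", "8.8.8.8")]:
        print(f"{src} -> {dst}: {evaluate(ruleset, src, dst)}")
```

The evaluator shows why the subnet in the block rule has to cover the real LAN address: a packet from 192.168.0.10 passes under a ruleset written for 192.168.1.0/24 simply because no rule matches it. Once the generated file looks right, the pfctl workflow for testing, applying and removing is: `sudo pfctl -n -f vpn.conf` parses the file without loading it, `sudo pfctl -e` switches filtering on (loading a file with -f does not by itself enable pf), `sudo pfctl -f vpn.conf` loads the rules and `sudo pfctl -s rules` lists what is active; to go back, `sudo pfctl -f /etc/pf.conf` restores the stock ruleset and `sudo pfctl -d` disables pf again.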

