avalanche Posted ...

Hi All,

I am trying to apply firewall rules for Mac to prevent any leaks, but I have an issue with it. I am using this tutorial: https://airvpn.org/topic/1713-win-mac-bsd-block-traffic-when-vpn-disconnects/page-2?do=findComment&comment=2532

I don't need any DNS services or such, so I have removed them from the file (I use "resolve names" in the config generator). I also added the server IPs that I want to use. This is my config file:

    block drop out inet from 192.168.0.0/16 to any
    # Luxemburg
    pass out quick inet from 192.168.0.0/16 to 94.242.205.234 flags S/SA keep state
    # Netherlands
    pass out quick inet from 192.168.0.0/16 to 95.211.186.65 flags S/SA keep state
    # Romania
    pass out quick inet from 192.168.0.0/16 to 109.163.230.232 flags S/SA keep state
    # Sweden
    pass out quick inet from 192.168.0.0/16 to 178.248.30.131 flags S/SA keep state
    # Local network
    pass out quick inet from 192.168.0.0/16 to 192.168.0.0/16 flags S/SA keep state
    # Allow all on lo0
    pass out quick inet from 127.0.0.1 to any flags S/SA keep state
    # Everything tunneled
    pass out quick inet from 10.0.0.0/8 to any flags S/SA keep state

And now I try to load those rules:

    sudo pfctl -f pf.conf
    Password:
    pfctl: Use of -f option, could result in flushing of rules
    present in the main ruleset added by the system at startup.
    See /etc/pf.conf for further details.

    No ALTQ support in kernel
    ALTQ related functions disabled

And still, even when I am not connected to the VPN, I have full internet access. Am I doing something wrong?

This is /etc/pf.conf:

    scrub-anchor "com.apple/*"
    nat-anchor "com.apple/*"
    rdr-anchor "com.apple/*"
    dummynet-anchor "com.apple/*"
    anchor "com.apple/*"
    load anchor "com.apple" from "/etc/pf.anchors/com.apple"

Basically what I need is a way to test rules, apply them and preferably to simply remove them when needed. My internal IP address is 192.168.1.X; should I also change the rules to that?

Thanks in advance for help.
Best Regards

P.S. I pasted the contents of the files rather than adding them as attachments, because I got "I am not permitted to upload file of this kind".
Staff Posted ...

Hello!

Please make sure that your internal network is in 192.168.0.0/16, then try to add the following rules:

    pass out quick inet from 192.168.0.0/16 to 192.168.0.0/16
    pass out quick inet from any to 255.255.255.255

The first rule allows communications within your local network; the second rule enables DHCP discovery and negotiation.

Kind regards
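Added example, not code from the thread, from the linked AirVPN tutorial, or from Apple: a small POSIX shell script that turns the three things asked for in the first post (test the rules, apply them, remove them) and the two rules suggested in the reply into one repeatable procedure. Two points it builds in that the posts do not spell out: pf on macOS is disabled by default, so `pfctl -f` by itself loads rules into a firewall that is not running (check with `sudo pfctl -s info`, which prints `Status: Enabled` or `Status: Disabled`), and `pfctl -f` replaces the whole main ruleset, so the generated file keeps Apple's anchors from the stock /etc/pf.conf. The LAN range 192.168.1.0/24, the tunnel interface name `utun0`, UDP port 443 for OpenVPN, the file path /etc/pf.airvpn.conf and all function names are my assumptions; override the values through the environment to match your setup.

```shell
#!/bin/sh
# Added example (not from the thread or from AirVPN): generate, check, apply
# and remove a pf "kill switch" on macOS so traffic can only leave through
# the VPN tunnel. Assumed defaults below are hypothetical; override via env.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
TUN_IF="${TUN_IF:-utun0}"
VPN_PROTO="${VPN_PROTO:-udp}"
VPN_PORT="${VPN_PORT:-443}"
# Server entry IPs as listed in the first post.
VPN_SERVERS="${VPN_SERVERS:-94.242.205.234 95.211.186.65 109.163.230.232 178.248.30.131}"
RULES_FILE="${RULES_FILE:-/etc/pf.airvpn.conf}"

# Print a complete pf.conf on stdout. pfctl -f replaces the whole main
# ruleset, so Apple's anchors (copied from the stock /etc/pf.conf shown in
# the thread) are kept. pfctl requires options before anchors and rules.
build_ruleset() {
    printf 'set skip on lo0\n'
    cat <<'EOF'
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
EOF
    # Default deny for IPv4 and IPv6; the quick passes below are the only holes.
    printf 'block drop out all\n'
    # Anything on the tunnel interface is fine, whatever address the VPN assigns.
    printf 'pass out quick on %s all keep state\n' "$TUN_IF"
    # Local network and DHCP, the two rules from the reply above; DHCP is
    # narrowed to its UDP client/server ports.
    printf 'pass out quick inet from %s to %s keep state\n' "$LAN_NET" "$LAN_NET"
    printf 'pass out quick inet proto udp from any port 68 to 255.255.255.255 port 67\n'
    # The VPN servers themselves, reachable on the OpenVPN port only.
    for ip in $VPN_SERVERS; do
        printf 'pass out quick inet proto %s from any to %s port %s keep state\n' \
            "$VPN_PROTO" "$ip" "$VPN_PORT"
    done
}

# Number of rules that let traffic out; a quick sanity check before loading.
count_pass_rules() {
    build_ruleset | grep -c '^pass '
}

# Syntax check only: -n parses the file without loading anything.
check_rules() {
    build_ruleset > "$RULES_FILE" && pfctl -nf "$RULES_FILE"
}

# Load and enable. pfctl -f alone loads rules into a disabled firewall; -e
# is what makes them take effect. -sr then shows what is actually loaded.
apply_rules() {
    build_ruleset > "$RULES_FILE" && pfctl -ef "$RULES_FILE" && pfctl -sr
}

# Put the stock Apple ruleset back and disable pf again.
remove_rules() {
    pfctl -f /etc/pf.conf && pfctl -d
}

# Leak test: with the VPN down, a plain HTTP connection to an address that is
# not in the rules must fail. Returns 1 (leak) if it gets through.
leak_test() {
    if curl -s -m 5 -o /dev/null "http://$1/"; then
        echo "LEAK: reached $1 outside the tunnel"
        return 1
    fi
    echo "blocked: $1"
}

# Run as root: ./pf-killswitch.sh print|check|apply|remove|leak <ip>
case "${1:-}" in
    print)  build_ruleset ;;
    check)  check_rules ;;
    apply)  apply_rules ;;
    remove) remove_rules ;;
    leak)   leak_test "${2:-}" ;;
    *)      : ;;   # no subcommand: only define the functions
esac
```

Two design choices worth noting. The `block drop out all` line, unlike the `inet`-only block rule in the first post, also covers IPv6, so a dual-stack LAN cannot leak over v6 while v4 is locked down. And tunneled traffic is matched on the interface rather than on a 10.0.0.0/8 source address, so the rule keeps working whichever range the server hands out. The generated file is not loaded at boot (launchd only loads /etc/pf.conf), so rerun `apply` after a restart, and keep `pfctl -s info` and `pfctl -sr` as the two checks that tell you whether the firewall is on and which rules it holds.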