On Tue, Feb 05, 2019 at 07:40:30AM +0000, Tom Smyth wrote:
 
> From looking at your config it looks like when the wireguard interface
> comes up
> You want to allow forward traffic
> And you want masquerade traffic leaving on eth0
> 
> 1) You don't really need to add and remove those rules as the wireguard
> tunnel comes up, I'd suggest just adding firewall rules statically

I'm sort of clueless about the application, but I agree that it may not
be worth the bother to insert and remove rules dynamically in most cases.
If you really need to do that dance, ftp-proxy (shudder) is a prime example
of one that does.

> 5) To learn more about pf config check out Peter Hansteen's pf tutorial and
> his book of pf and man pf.conf for more details

Thanks for the recommendations :) 

Direct links at the end

All the best,
Peter

PS: -

> > in the OpenBSD pf dialect?

I was going to ignore that but really: OpenBSD is the upstream for everyone
else for PF and lots of other stuff (see e.g. [1]), so if there are such things
as "dialect"s in play, they come from somewhere else.

[1] https://home.nuug.no/~peter/openbsd_and_you (My "OpenBSD and you"
    propaganda-ish presentation)

[2] https://home.nuug.no/~peter/pftutorial/ (The most recent version of the PF
    tutorial, slides refresh after each new session)

[3] https://nostarch.com/pf3 (The Book of PF, 3rd ed by yours truly)

[4] https://man.openbsd.org/pf.conf (The pf.conf(5) man page)

[5] https://man.openbsd.org/ftp-proxy (the ftp-proxy(8) man page, if you really
    need to)

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
