openbsd.app/support/pf.conf

#	$OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return	# block stateless traffic
pass		# establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

block return in on ! lo0 proto tcp to port { 3000, 8080, 4343 }

pass in on egress inet proto tcp from any to (egress) port 80 rdr-to 127.0.0.1 port 8080
pass in on egress inet proto tcp from any to (egress) port 443 rdr-to 127.0.0.1 port 4343
pass in on egress inet6 proto tcp from any to (egress) port 80 rdr-to ::1 port 8080
pass in on egress inet6 proto tcp from any to (egress) port 443 rdr-to ::1 port 4343
Add various support bits for running openbsd.app 2023-02-01 06:12:47 -07:00			`# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $`
			`#`
			`# See pf.conf(5) and /etc/examples/pf.conf`

			`set skip on lo`

			`block return # block stateless traffic`
			`pass # establish keep-state`

			`# By default, do not permit remote connections to X11`
			`block return in on ! lo0 proto tcp to port 6000:6010`

			`# Port build user does not need network`
			`block return out log proto {tcp udp} user _pbuild`

			`block return in on ! lo0 proto tcp to port { 3000, 8080, 4343 }`

			`pass in on egress inet proto tcp from any to (egress) port 80 rdr-to 127.0.0.1 port 8080`
			`pass in on egress inet proto tcp from any to (egress) port 443 rdr-to 127.0.0.1 port 4343`
			`pass in on egress inet6 proto tcp from any to (egress) port 80 rdr-to ::1 port 8080`
			`pass in on egress inet6 proto tcp from any to (egress) port 443 rdr-to ::1 port 4343`