Diffstat (limited to 'roles/pf/templates/pf.conf.j2')
-rw-r--r-- | roles/pf/templates/pf.conf.j2 | 24 |
1 files changed, 24 insertions, 0 deletions
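--- /dev/null
+++ b/roles/pf/templates/pf.conf.j2
@@ -0,0 +1,24 @@
+# managed by Ansible
+{% import 'macros.j2' as macros with context %}
+
+# common configuration
+set block-policy drop
+set loginterface egress
+set skip on { lo wg0 }
+block all
+
+# force ssh if not present below
+pass in quick on egress proto tcp to port 22
+
+# host services
+{% for service in __services %}
+pass in quick on egress proto {{ service["protocol"] }} to port {{ service["port"] }}
+{% endfor %}
+
+# wireguard
+pass in on egress inet proto udp from any to any port 50000
+pass out quick on egress inet from (wg0:network) nat-to (egress:0)
+
+# output network
+pass out quick inet
+pass in proto { icmp, icmp6 } all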
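Review bot: `set skip on { lo wg0 }` switches filtering off entirely on the WireGuard interface, so every tunnel peer reaches every listening service on this host (and, through the `nat-to` rule, the Internet) without touching any of the `pass in` rules that follow; if that is the intent, state it in the `# wireguard` comment, otherwise drop `wg0` from `set skip` and add explicit `pass in on wg0` rules for what peers may use. The SSH rule admits any source address, which the comment justifies as a lockout guard, but a source restriction from an allowed-networks variable, or at least a `max-src-conn-rate` state option, would be worth considering. The `__services` loop interpolates `service["protocol"]` and `service["port"]` unvalidated, so a value outside `tcp`/`udp` or a non-numeric port produces either a failed pf reload or an unintended rule; validating the inventory entries before rendering (an `assert` task or a Jinja test) would fail early and loudly. The `inet` keyword on the WireGuard listener and on `pass out quick inet` leaves IPv6 with no outbound path and no WireGuard access, which may be deliberate but deserves a comment.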