-
-
Save mowings/633a16372fb30ee652336c8417091222 to your computer and use it in GitHub Desktop.
| #!/bin/bash | |
| interfaces=( $(netstat -in | egrep 'utun\d .*\d+\.\d+\.\d+\.\d+' | cut -d ' ' -f 1) ) | |
| rulefile="rules.tmp" | |
| echo "" > $rulefile | |
| sudo pfctl -a com.apple/tun -F nat | |
| for i in "${interfaces[@]}" | |
| do | |
| RULE="nat on ${i} proto {tcp, udp, icmp} from 192.168.64.0/24 to any -> ${i}" | |
| echo $RULE >> $rulefile | |
| done | |
| sudo pfctl -a com.apple/tun -f $rulefile |
I can confirm this works with macOS 10.13.2 (high sierra)
@hayderimran7 Your script is not working bc it is missing the anchor "tun". Follow this guide to add it.
https://apple.stackexchange.com/questions/312400/pfctl-howto-add-an-anchor-and-make-it-active-load-it
I tried this under macOS 10.5.5 Catalina and also get this "No ALTQ support in kernel" message.
Unfortunately also @clemcke 's tipp is not working under this version.
I also have a question to the rule itself:
What is it exactly doing?
What does this 192.168.64.0/24 mean?
I need a way to prevent calls to a remote network to where I'm connected over a pulse secure vpn client for a specific ip range (10.211.55.0/24).
Would this script do this for me (if it would work in generell) and if I would change the "192.168.64.0/24" part to "10.211.55.0/24"?
Or is this working the other way around, so only ip's in the range 192.168.64.0/24 get routed to the remote net?
I was able to make it work on MacOS Sierra by changing my VPN settings: allowing local LAN access but disabling blocking connections to untrusted servers