I am connecting to a WireGuard server - say 1.2.3.4.
When wg0 is down, internet should be blocked and it does get blocked as required. Is it possible to have a pf.conf which at the same time, regardless of the state of wg0 (down/up), allows me to ssh in?
Code:
# Interface macros
lan=re0
wifi=wlan0
vpn=tun0
wireguardnetwork=wg0
# Options come first in pf.conf; skipped interfaces are never filtered
set skip on lo
set skip on $wireguardnetwork
set skip on $vpn
# Translation rules precede filter rules
nat on wlan0 from 10.0.0.0/24 to any -> ($wifi)
# Default deny; the last matching rule below decides
block in all
block all
# Allowed over wifi: 208.67.222.222 and the VPN server 1.2.3.4
pass on $wifi proto { udp,tcp } to 208.67.222.222
pass on $wifi proto udp to 1.2.3.4 port 60100
pass on $wifi proto tcp to 1.2.3.4 port 443
pass on $vpn
pass out proto {tcp, udp, icmp } from $wireguardnetwork to any keep state
I tried to add the line
Code:
pass in on $wifi inet proto tcp to 192.168.29.152 port 22
at a few positions but either it does not allow ssh or allows ssh BUT does not block the internet when wg0 is down. Any ideas?
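One placement of the ssh rule that follows pf's evaluation order, as an added example (not code from the original post): pf applies the last matching rule, so the rule sits after `block all`, and the state it creates lets only the replies of that ssh session back out on wlan0. It assumes the ssh client is on the same LAN as 192.168.29.152, so replies are routed out wlan0 even while wg0 carries the default route; all macros, addresses and the other rules are the ones from the post.

```conf
# Added example, not the poster's file.
# Assumption: the ssh client is on-link with 192.168.29.152 (same LAN on wlan0).
lan = "re0"
wifi = "wlan0"
vpn = "tun0"
wireguardnetwork = "wg0"

# 1. Options. Packets on skipped interfaces bypass the ruleset entirely,
#    so nothing below ever filters lo, wg0 or tun0.
set skip on lo
set skip on $wireguardnetwork
set skip on $vpn

# 2. Translation.
nat on $wifi from 10.0.0.0/24 to any -> ($wifi)

# 3. Filtering. pf evaluates every rule and applies the LAST one that
#    matches, unless a matching rule is marked "quick".
#
#    Ineffective position: a pass rule written here, above the block,
#    still matches, but "block all" matches later and wins:
#      pass in on $wifi inet proto tcp to 192.168.29.152 port 22
block all

#    Effective position: below the block. Pass rules keep state by default,
#    so the reply packets of an accepted ssh connection match the state and
#    leave on wlan0 without any "pass out" rule. New outbound connections
#    on wlan0 have no state and still hit "block all".
pass in on $wifi inet proto tcp to 192.168.29.152 port 22 keep state

#    Rules from the post, unchanged: the only destinations wlan0 may reach
#    directly, which is what keeps the kill switch when wg0 is down.
pass on $wifi proto { udp, tcp } to 208.67.222.222
pass on $wifi proto udp to 1.2.3.4 port 60100
pass on $wifi proto tcp to 1.2.3.4 port 443
pass on $vpn
pass out proto { tcp, udp, icmp } from $wireguardnetwork to any keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it. With an ssh session open and wg0 down, `pfctl -ss` should list a state for port 22 on wlan0 while other outbound connections on wlan0 still fail.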