Creating tables to turn off internet in pf.conf

Hi!

I am working on a hobby project and I need some help. I use Mac OS X, whose firewalling is based on OpenBSD's packet filtering. I have some questions and I hope you can help me get them cleared up.

  1. I want to disable Internet for some time on my system. My progress so far is: edit the pf.conf file using the command line, add
    Code:
    block all
    at the end of the pf.conf file and save the file and then reload the pf.conf rules using the pfctl -f /etc/pf.conf command.
  2. I want to create a tiny application that will have this slider which can be adjusted and it indicates how long the Internet can be disabled (say for fifteen minutes, eight hours etc.) and someone somewhere told me this:
    Ok. You probably want to look into tables. You can create a table and make it persist even if there are zero entries in it. Then you can modify the table with pfctl commands on the fly. No need to edit the file or reload rules every time.

I do not have a CS background, so you have to be patient with me. I understood what he was trying to say, but I am not sure how to implement it. The OpenBSD documentation on PF tables is not so good (at least I didn't understand it very well). Could someone explain to me how to use tables and make them persist, and then ensure that all Internet traffic can be disabled by the said tables?
 
Suppose I create a table named disableNet and set it to persist. Then what? I mean, how can I disable all the in and out traffic using the table disableNet?
 
I'm not sure, but maybe something like:

Code:
table <LAN> persist { 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 }
block in on em0 from <LAN> to any
block out on em0 from <LAN> to any
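
The table approach discussed in this thread, as an added example that is not code from any of the posters: the block rules are loaded once and the timer only adds or flushes table entries with pfctl. The pf.conf lines in the comments, the script's function names and the `PFCTL` dry-run variable are assumptions made for illustration; the table name disableNet is the one from the question.

```shell
#!/bin/sh
# Assumed one-time setup in /etc/pf.conf (table name taken from the thread):
#   set skip on lo0                          # leave loopback alone
#   table <disableNet> persist               # starts empty, so nothing matches
#   block drop out quick from any to <disableNet>
#   block drop in  quick from <disableNet> to any
# Load once: pfctl -f /etc/pf.conf ; pfctl -e

TABLE="disableNet"
PFCTL="${PFCTL:-pfctl}"   # PFCTL=echo prints the commands (dry run)
# The PF FAQ notes 0.0.0.0/0 does not work in tables, so use two halves
# per address family to cover every address.
ALL_ADDRS="0.0.0.0/1 128.0.0.0/1 ::/1 8000::/1"

# "15m", "8h" or plain seconds -> seconds; fails on anything else.
to_seconds() {
    n=${1%[hm]}
    case "$n" in ''|*[!0-9]*|0?*) return 1 ;; esac
    case "$1" in
        *h) echo $(( n * 3600 )) ;;
        *m) echo $(( n * 60 )) ;;
        *)  echo "$n" ;;
    esac
}

net_off() {
    # Word splitting of ALL_ADDRS is intended: one argument per prefix.
    "$PFCTL" -t "$TABLE" -T add $ALL_ADDRS &&
    "$PFCTL" -F states    # drop existing states, or open connections survive
}

net_on() { "$PFCTL" -t "$TABLE" -T flush; }

net_off_for() {
    secs=$(to_seconds "$1") || { echo "bad duration: $1" >&2; return 1; }
    trap net_on INT TERM          # restore access if interrupted while waiting
    net_off && sleep "$secs"
    net_on
}

case "${1:-}" in
    off) net_off ;;
    on)  net_on ;;
    for) net_off_for "${2:-}" ;;
esac
```

Run as root, for example `sh netblock.sh for 15m` (the file name is arbitrary); `pfctl -t disableNet -T show` lists what is currently in the table.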
 