teraflik · March 10, 2023 17:11
diff --git a/vpn_share.sh b/vpn_share.sh
 #!/bin/sh

 # https://roelant.net/2015/share-your-vpn-mac-el-capitan.html
 # https://docs.freebsd.org/en/books/handbook/firewalls/#firewalls-pf

 # clear all rules and reload pf conf
 sudo pfctl -F all -f /etc/pf.conf

 if [ "$1" =  "off" ]
 then
    echo "VPN sharing turned off"
    exit 0
 elif [ "$1" = "on" ]
 then
    # enable gateway
    sudo sysctl net.inet.ip.forwarding=1
    sudo sysctl net.inet6.ip6.forwarding=1

    # Replace with the interface used by internet sharing
    HOTSPOT_INTERFACE=bridge100

    # Replace utun3 with the current VPN interface, ifconfig | grep -A 2 <vpn_client_ip>
    VPN_INTERFACE=utun3

    RULE="nat on $VPN_INTERFACE from $HOTSPOT_INTERFACE:network to any -> ($VPN_INTERFACE)"
    FILE=./rule.conf

    if [ -f $FILE ]; then
        echo "Existing rule file found, deleting..."
        rm $FILE
    fi

    echo $RULE | tee -a $FILE
    sudo pfctl -f $FILE -e
    echo "VPN sharing turned ON"
 fi


 # # enable gateway at system boot
 # sysrc gateway_enable=yes
 # sysrc ipv6_gateway_enable=yes


 ###########################################
 # #
 # # Default PF configuration file.
 # #
 # # This file contains the main ruleset, which gets automatically loaded
 # # at startup.  PF will not be automatically enabled, however.  Instead,
 # # each component which utilizes PF is responsible for enabling and disabling
 # # PF via -E and -X as documented in pfctl(8).  That will ensure that PF
 # # is disabled only when the last enable reference is released.
 # #
 # # Care must be taken to ensure that the main ruleset does not get flushed,
 # # as the nested anchors rely on the anchor point defined here. In addition,
 # # to the anchors loaded by this file, some system services would dynamically
 # # insert anchors into the main ruleset. These anchors will be added only when
 # # the system service is used and would removed on termination of the service.
 # #
 # # See pf.conf(5) for syntax.
 # #

 # #
 # # com.apple anchor point
 # #
 # scrub-anchor "com.apple/*"
 # nat-anchor "com.apple/*"
 # rdr-anchor "com.apple/*"
 # dummynet-anchor "com.apple/*"
 # anchor "com.apple/*"
 # load anchor "com.apple" from "/etc/pf.anchors/com.apple"
	#!/bin/sh

	# https://roelant.net/2015/share-your-vpn-mac-el-capitan.html
	# https://docs.freebsd.org/en/books/handbook/firewalls/#firewalls-pf

	# clear all rules and reload pf conf
	sudo pfctl -F all -f /etc/pf.conf

	if [ "$1" = "off" ]
	then
	echo "VPN sharing turned off"
	exit 0
	elif [ "$1" = "on" ]
	then
	# enable gateway
	sudo sysctl net.inet.ip.forwarding=1
	sudo sysctl net.inet6.ip6.forwarding=1

	# Replace with the interface used by internet sharing
	HOTSPOT_INTERFACE=bridge100

	# Replace utun3 with the current VPN interface, ifconfig \| grep -A 2 <vpn_client_ip>
	VPN_INTERFACE=utun3

	RULE="nat on $VPN_INTERFACE from $HOTSPOT_INTERFACE:network to any -> ($VPN_INTERFACE)"
	FILE=./rule.conf

	if [ -f $FILE ]; then
	echo "Existing rule file found, deleting..."
	rm $FILE
	fi

	echo $RULE \| tee -a $FILE
	sudo pfctl -f $FILE -e
	echo "VPN sharing turned ON"
	fi


	# # enable gateway at system boot
	# sysrc gateway_enable=yes
	# sysrc ipv6_gateway_enable=yes


	###########################################
	# #
	# # Default PF configuration file.
	# #
	# # This file contains the main ruleset, which gets automatically loaded
	# # at startup. PF will not be automatically enabled, however. Instead,
	# # each component which utilizes PF is responsible for enabling and disabling
	# # PF via -E and -X as documented in pfctl(8). That will ensure that PF
	# # is disabled only when the last enable reference is released.
	# #
	# # Care must be taken to ensure that the main ruleset does not get flushed,
	# # as the nested anchors rely on the anchor point defined here. In addition,
	# # to the anchors loaded by this file, some system services would dynamically
	# # insert anchors into the main ruleset. These anchors will be added only when
	# # the system service is used and would removed on termination of the service.
	# #
	# # See pf.conf(5) for syntax.
	# #

	# #
	# # com.apple anchor point
	# #
	# scrub-anchor "com.apple/*"
	# nat-anchor "com.apple/*"
	# rdr-anchor "com.apple/*"
	# dummynet-anchor "com.apple/*"
	# anchor "com.apple/*"
	# load anchor "com.apple" from "/etc/pf.anchors/com.apple"