s83/privacy-guides
1
0
Fork 0
mirror of https://github.com/sunknudsen/privacy-guides.git synced 2025-02-23 09:13:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed set -e from PF kill switch guide scripts

Browse Source
This commit is contained in:
Sun Knudsen 2020-09-04 15:34:08 -04:00
parent dad61ec310
commit 9e972fe209
No known key found for this signature in database
GPG Key ID: 1FA767862BBD1305
1 changed files with 14 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
how-to-configure-self-hosted-vpn-kill-switch-using-pf-firewall-on-macos/README.md
View File

@ -287,8 +287,6 @@ Use `socketfilterfw` to block specific apps.
cat << "EOF" > /usr/local/sbin/strict.sh cat << "EOF" > /usr/local/sbin/strict.sh
#! /bin/sh #! /bin/sh
set -e
if [ "$(id -u)" != "0" ]; then if [ "$(id -u)" != "0" ]; then
echo "This script must run as root" echo "This script must run as root"
exit 1 exit 1
@ -310,8 +308,6 @@ printf "\n"
pfctl -F all -f /etc/pf.conf pfctl -F all -f /etc/pf.conf
printf "\n%s" "${green}Strict mode enabled${end}" printf "\n%s" "${green}Strict mode enabled${end}"
exit 0
EOF EOF
chmod +x /usr/local/sbin/strict.sh chmod +x /usr/local/sbin/strict.sh
``` ```
@ -324,8 +320,6 @@ Use `socketfilterfw` to unblock specific apps (useful to allow 1Passwords [lo
cat << "EOF" > /usr/local/sbin/trusted.sh cat << "EOF" > /usr/local/sbin/trusted.sh
#! /bin/sh #! /bin/sh
set -e
if [ "$(id -u)" != "0" ]; then if [ "$(id -u)" != "0" ]; then
echo "This script must run as root" echo "This script must run as root"
exit 1 exit 1
@ -334,14 +328,6 @@ fi
red=$'\e[1;31m' red=$'\e[1;31m'
end=$'\e[0m' end=$'\e[0m'
function disable()
{
/usr/local/sbin/strict.sh
exit 0
}
trap disable EXIT
# /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /Applications/1Password\ 7.app # /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /Applications/1Password\ 7.app
# /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /usr/local/Cellar/squid/4.8/sbin/squid # /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /usr/local/Cellar/squid/4.8/sbin/squid
# printf "\n" # printf "\n"
@ -356,6 +342,13 @@ pfctl -F all -f /etc/pf.conf
printf "\n%s\n\n" "${red}Trusted mode enabled (press ctrl+c to disable)${end}" printf "\n%s\n\n" "${red}Trusted mode enabled (press ctrl+c to disable)${end}"
function disable()
{
/usr/local/sbin/strict.sh
}
trap disable EXIT
while : while :
do do
sleep 60 sleep 60
@ -370,8 +363,6 @@ chmod +x /usr/local/sbin/trusted.sh
cat << "EOF" > /usr/local/sbin/disabled.sh cat << "EOF" > /usr/local/sbin/disabled.sh
#! /bin/sh #! /bin/sh
set -e
if [ "$(id -u)" != "0" ]; then if [ "$(id -u)" != "0" ]; then
echo "This script must run as root" echo "This script must run as root"
exit 1 exit 1
@ -380,18 +371,17 @@ fi
red=$'\e[1;31m' red=$'\e[1;31m'
end=$'\e[0m' end=$'\e[0m'
function disable()
{
/usr/local/sbin/strict.sh
exit 0
}
trap disable EXIT
pfctl -d pfctl -d
printf "\n%s\n\n" "${red}Firewall disabled (press ctrl+c to enable)${end}" printf "\n%s\n\n" "${red}Firewall disabled (press ctrl+c to enable)${end}"
function disable()
{
/usr/local/sbin/strict.sh
}
trap disable EXIT
while : while :
do do
sleep 60 sleep 60