From 8cdab9a30804afff2aa4e04148d61c9274065013 Mon Sep 17 00:00:00 2001
From: swaggboi
Date: Sat, 15 Mar 2025 17:35:45 +0000
Subject: [PATCH] Adding some system-wide things
---
my_etc/npf.conf | 21 +++++++++++++++++++++
my_usr/pkg/etc/doas.conf | 1 +
2 files changed, 22 insertions(+)
create mode 100644 my_etc/npf.conf
create mode 100644 my_usr/pkg/etc/doas.conf
diff --git a/my_etc/npf.conf b/my_etc/npf.conf
new file mode 100644
index 0000000..2defbcb
--- /dev/null
+++ b/my_etc/npf.conf
@@ -0,0 +1,21 @@
+# TODO: Allow in ICMP(v6) by message type
+# TODO: Rate-limit ssh
+
+# ICMP(v6)
+alg "icmp"
+
+group "services" in on vioif0 {
+ pass stateful proto tcp to any port ssh
+}
+
+group "localhost" in on lo0 {
+ pass stateful all
+}
+
+group default {
+ # Default rule
+ block all
+
+ # Let it goooooo
+ pass stateful out all
+}
diff --git a/my_usr/pkg/etc/doas.conf b/my_usr/pkg/etc/doas.conf
new file mode 100644
index 0000000..2fa2610
--- /dev/null
+++ b/my_usr/pkg/etc/doas.conf
@@ -0,0 +1 @@
+permit persist keepenv setenv { PATH } :wheel
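Review bot: In my_etc/npf.conf the "services" group accepts ssh from any source on vioif0 with nothing limiting repeated connection attempts, and the rate-limit TODO at the top of the file is the only trace of that gap. Until that is resolved, consider narrowing the rule to known sources, e.g. `pass stateful proto tcp from <ssh_allowed> to any port ssh` with a matching table definition (the table name is a placeholder), or pairing sshd with blocklistd(8). Separately, with `block all` as the default and no inbound ICMPv6 pass rule, neighbor discovery and packet-too-big messages arriving on vioif0 are presumably dropped unless `alg "icmp"` covers them, so the first TODO is worth settling before relying on IPv6 on this host.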
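Review bot: The single rule in my_usr/pkg/etc/doas.conf combines `keepenv` with `setenv { PATH }`, so a root command started by any wheel member appears to inherit the caller's whole environment, including a PATH that may list user-writable directories. A narrower rule such as `permit persist :wheel`, with only the variables that are actually needed named in `setenv { ... }`, keeps the elevated environment predictable. If the caller's PATH really is required, a comment above the rule saying why would help the next reader, for example `# caller PATH kept so tools under /usr/pkg resolve` (constructed wording, adjust to the real reason).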