From c9a777dc5d718e6f9f74b85ed1e611aa60f92a78 Mon Sep 17 00:00:00 2001
From: swaggboi
Date: Sun, 23 Mar 2025 17:38:12 -0400
Subject: [PATCH] Make firewall 'one size fits all'
---
 my_etc/npf.conf | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/my_etc/npf.conf b/my_etc/npf.conf
index 2defbcb..6032ddf 100644
--- a/my_etc/npf.conf
+++ b/my_etc/npf.conf
@@ -1,12 +1,7 @@
 # TODO: Allow in ICMP(v6) by message type
 # TODO: Rate-limit ssh
 
-# ICMP(v6)
-alg "icmp"
-
-group "services" in on vioif0 {
- pass stateful proto tcp to any port ssh
-}
+$services = { mdns, ssh }
 
 group "localhost" in on lo0 {
 pass stateful all
@@ -16,6 +11,8 @@ group default {
 # Default rule
 block all
 
+ pass stateful in proto { tcp, udp } to any port $services
+
 # Let it goooooo
 pass stateful out all
 }
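Review bot: The new `pass stateful in proto { tcp, udp } to any port $services` rule in `group default` has no `on <interface>` qualifier, so with the `in on vioif0` group removed it accepts ssh and mDNS on every interface of whatever host this file lands on. It also pairs each protocol with each port (ssh over UDP, mdns over TCP), which is wider than the ssh/tcp and mdns/udp that are presumably intended. mDNS is a link-local protocol; on a host with a public interface this makes 5353/udp reachable from outside, which discloses service information and can be abused for reflection. Consider replacing the `$services` set from the first hunk with two rules, `pass stateful in proto tcp to any port ssh` and `pass stateful in proto udp to any port mdns`, and limiting the mdns rule to the LAN-facing interface or source range. The existing `# TODO: Rate-limit ssh` becomes more pressing now that ssh is no longer limited to one interface.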