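#!/bin/bash
#
# midline - a thin wrapper around pf that loads an extra set of filter
# rules on top of /etc/pf.conf, putting the host somewhere between fully
# online and fully offline.
#
# Usage: midline [on|off|toggle|status|reload|help]
#
# Needs sudo access to pfctl(8). When sudo would require a password, the
# enabled/disabled state is read from a marker file instead of from pf.

# Rules appended to /etc/pf.conf while midline is enabled. Edit these and
# run `midline reload`. Single-quoted on purpose: $if and $allowed_domains
# are pf macros, not shell variables.
RULES='
if = "en0"
allowed_domains = "{ wikipedia.org upload.wikimedia.org }"
block return out proto {icmp, tcp, udp} from $if to ! $if:network
pass out proto {icmp, tcp, udp} from $if to $allowed_domains
'

readonly PF_CONF=/etc/pf.conf
# Marker consulted only when pf itself cannot be queried without a password.
# NOTE(review): /tmp is world-writable, so any local user can create or
# remove this file and make the fallback in midline_is_enabled lie; treat
# it as a best-effort hint, not as proof that filtering is active.
readonly STATE_FILE=/tmp/midline

run_post_connect_hook() {
  echo "running scripts after block"
  # run your scripts or commands here
}

run_pre_disconnect_hook() {
  echo "running scripts before block"
  # run your scripts or commands here
}

#######################################
# Emit the complete ruleset midline loads: the system pf.conf followed by
# RULES. Used for both the dry-run parse and the real load so that what is
# checked is exactly what is installed.
# Outputs: the combined ruleset on stdout.
#######################################
full_ruleset() {
  cat -- "$PF_CONF"
  printf '%s\n' "$RULES"
}

#######################################
# Parse-check, then install the combined ruleset and enable pf.
# Globals:  RULES, PF_CONF, STATE_FILE
# Outputs:  progress or pfctl diagnostics on stdout
# Returns:  0 if the blocklist is now active, 1 otherwise
#######################################
enable_midline() {
  local parse_out load_out
  # Dry-run (-n) the same stream that will be loaded, not RULES on its own,
  # so conflicts with pf.conf (duplicate macros, rule ordering) surface here.
  if ! parse_out=$(full_ruleset | sudo pfctl -vnf - 2>&1); then
    echo "error parsing"
    echo "$parse_out"
    return 1
  fi
  run_pre_disconnect_hook
  # The load status must be checked: reporting "enabled" after a failed
  # pfctl would leave the host unfiltered while claiming otherwise.
  if ! load_out=$(full_ruleset | sudo pfctl -F rules -f - 2>&1); then
    echo "error loading rules; blocklist NOT enabled"
    echo "$load_out"
    return 1
  fi
  # Enabling is done as a separate step because pfctl -e exits non-zero
  # when pf is already enabled (the normal case on `reload`), so its status
  # cannot distinguish "already on" from a real failure. The actual state
  # is verified below instead.
  sudo pfctl -e > /dev/null 2>&1
  if ! sudo pfctl -s info 2>/dev/null | grep -q '^Status: Enabled'; then
    echo "error: pf is not enabled; blocklist NOT active"
    return 1
  fi
  echo "enabled" > "$STATE_FILE"
  echo "blocklist enabled"
}

#######################################
# Replace the running ruleset with plain /etc/pf.conf, i.e. drop RULES.
# Globals:  PF_CONF, STATE_FILE
# Returns:  0 if the stock ruleset was reloaded, 1 otherwise
#######################################
disable_midline() {
  local load_out
  if ! midline_is_enabled; then
    echo "midline not enabled"
    return 0
  fi
  # A failed reload leaves the midline rules in place, so only report
  # "disabled" (and drop the marker) when pfctl accepted pf.conf.
  if ! load_out=$(sudo pfctl -f "$PF_CONF" 2>&1); then
    echo "error reloading $PF_CONF; blocklist still active"
    echo "$load_out"
    return 1
  fi
  echo "blocklist disabled"
  rm -f -- "$STATE_FILE"
  run_post_connect_hook
}

#######################################
# Decide whether midline's rules are active.
# Returns: 0 if enabled, 1 if not
#######################################
midline_is_enabled() {
  local loaded
  # Prefer asking pf directly; only possible when sudo needs no password.
  if sudo -n true 2>/dev/null; then
    loaded=$(sudo pfctl -sr 2>&1)
    # NOTE(review): a plain substring match on "block" - any block rule that
    # pf.conf itself installs would also count as "enabled"; confirm this
    # against your pf.conf before relying on `midline status`.
    [[ "$loaded" == *"block"* ]]
  else
    # Fallback on the marker file; can drift from the real pf state.
    [[ -f "$STATE_FILE" ]]
  fi
}

#######################################
# Print usage, the current RULES and where to read about rule syntax.
#######################################
echo_help() {
  echo -e "midline is a wrapper for pf firewall to get you somewhere between online and offline.

usage: midline [option]

options:
on - turn filtering on
off - turn filtering off
toggle - (or no argument) toggles status of midline
status - return status of midline. exit 0 if on and 1 if off
reload - flush filters and reload; useful after changing RULES

rules:"
  echo -e "\t$RULES" | fold | awk '{ print "\t" $0 }'
  echo "These can be edited by changing RULES in midline script. Make sure to \`midline reload\` after updated RULES. See https://www.openbsd.org/faq/pf/filter.html for rule syntax."
}

#######################################
# Command dispatch.
# Arguments: $1 - on|off|toggle|status|reload|help (empty means toggle)
# Returns:   status of the selected action; `status` exits 0/1 directly,
#            an unknown command exits 1
#######################################
main() {
  case "${1-}" in
    on)
      if midline_is_enabled; then
        echo "midline already enabled"
      else
        enable_midline
      fi
      ;;
    reload)
      enable_midline
      ;;
    off)
      disable_midline
      ;;
    status)
      if midline_is_enabled; then
        echo midline is enabled
        exit 0
      else
        echo midline is disabled
        exit 1
      fi
      ;;
    ""|toggle)
      if midline_is_enabled; then
        disable_midline
      else
        enable_midline
      fi
      ;;
    help)
      echo_help
      ;;
    *)
      echo "command \"$1\" not recognized"
      echo_help
      exit 1
      ;;
  esac
}

main "$@"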