00dani/pf-dev
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initial commit: HTTP only, with Justfile for setup

Browse source
This commit is contained in:
Danielle McLean 2024-03-06 13:07:51 +11:00
commit 7985efcb9c
Signed by: 00dani
GPG key ID: 52C059C3B22A753E
3 changed files with 72 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.gitignore vendored Normal file
View file

@ -0,0 +1,6 @@
# Vim swapfiles
.*.swp
# Generated files from pf-dev itself
pf.conf
.load

6
anchors/http Normal file
View file

@ -0,0 +1,6 @@
# vim: set ft=pf :
# Handle loopback HTTP and HTTPS requests (ports 80 and 443) on non-privileged ports 8080 and 8443.
rdr pass inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443
rdr pass inet6 proto tcp from any to ::1 port 80 -> ::1 port 8080
rdr pass inet6 proto tcp from any to ::1 port 443 -> ::1 port 8443

60
justfile Normal file
View file

@ -0,0 +1,60 @@
set positional-arguments := true
# Top-level PF anchor names are allowed to be anything, but reverse domain
# names seem to be preferred (MacOS uses com.apple by default), so I've
# followed that convention with my own domain.
anchor-name := "me.00dani.pf-dev"
anchor-pattern := replace(anchor-name, ".", "\\.")
# Display some basic info on how to use this project.
help:
#!/bin/sh
echo "Enter \`just load\` with the anchors you want to enable! Supported anchors are:"
cd anchors
for ANCHOR in *; do
printf "%5s %s\n" "$ANCHOR" "$(sed -n '2{s/^# //p;q;}' "$ANCHOR")"
done
grep -q '{{ anchor-pattern }}' /etc/pf.conf || {
printf "\n%s\n" "You will also need to run \`just install\` (uses sudo) for initial setup."
}
# Generate a parent anchor file that loads the child anchors of your choice. Example: just load dns http
load +ANCHORS:
#!/bin/sh
printf '%s\n%s\n' '# vim: set ft=pf :' '# This file was autogenerated! Call `just load` to create a fresh one.' > .load
for ANCHOR; do
[ -f "anchors/$ANCHOR" ] || {
echo "Unknown anchor $ANCHOR!" >&2
exit 1
}
printf '\nrdr-anchor "%s"\nload anchor "%s" from "%s/anchors/%s"\n' "$ANCHOR" "$ANCHOR" "$PWD" "$ANCHOR" >> .load
done
# Globally install a modified pf.conf with pf-dev hooks added (will use sudo).
install: _generate-pf-conf _display-pf-conf _install-pf-conf
_generate-pf-conf:
sed -En '/"{{ anchor-pattern }}"/d; p; /^([a-z]+-)?anchor "com\.apple/ s/".+"/"{{ anchor-name }}"/ p' /etc/pf.conf > pf.conf
echo 'load anchor "{{ anchor-name }}" from "{{ justfile_directory() }}/.load"' >> pf.conf
[no-exit-message]
_display-pf-conf:
#!/bin/sh
echo "Generated a new pf.conf with pf-dev hooks included."
diff -u --color=auto /etc/pf.conf pf.conf
err=$?
if [ $err -eq 0 ]; then
echo "No changes need to be made to your pf.conf."
rm pf.conf
exit 1 # skip attempting to install
fi
if [ $err -gt 1 ]; then
echo "Failed to diff the generated pf.conf against your current pf.conf."
exit $err
fi
[confirm("Are you happy to globally install the above pf.conf on your system?")]
_install-pf-conf:
sudo cp pf.conf /etc/pf.conf
rm pf.conf