From afff9fafdab5356ce4cec80ae3361d4eff48eb38 Mon Sep 17 00:00:00 2001
From: mykola2312 <49044616+mykola2312@users.noreply.github.com>
Date: Thu, 5 Sep 2024 13:18:53 +0300
Subject: [PATCH] PF rule for NAT on vnat0. Finally I have real networking in virtual machines
---
 pf.conf | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/pf.conf b/pf.conf
index c523c57..cf4236d 100644
--- a/pf.conf
+++ b/pf.conf
@@ -4,10 +4,23 @@ set block-policy return
 set fingerprints "/etc/pf.os"
 # definitions
 pf_strict = "{ re0 wlan0 ue0 }"
+ext_ifs = "{ re0 wlan0 ue0 }"
+
+vm_if = "vnat0"
+vm_net = "10.0.0.0/24"
+
 table const { 192.168.100.0/24, 192.168.184.0/24, 192.168.55.0/24 }
 icmp_types = "{ 0, 3, 4, 8, 11, 12 }"
 # base rules
 set skip on lo0
+
+# translation
+## VM networking
+nat on re0 from $vm_if:network to any -> (re0)
+nat on wlan0 from $vm_if:network to any -> (wlan0)
+nat on ue0 from $vm_if:network to any -> (ue0)
+
+# filter
 ## allow any outgoing traffic
 pass out on pf_strict from any to any
 ## allow ICMP pings
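Review bot: The three `nat on … from $vm_if:network to any` rules translate guest traffic towards every destination, so once it leaves re0, wlan0 or ue0 it carries the host's own address and can reach the 192.168.x.0/24 ranges listed in the table in the definitions block just as the host can. No rule on `$vm_if` is visible in this hunk (the filter section continues past it), so if guests are meant to have internet access only, add a filter rule ahead of the pass rules such as `block in quick on $vm_if from $vm_if:network to <TABLE_NAME>`, where TABLE_NAME is a placeholder for that existing table. `$vm_if:network` is resolved when the ruleset is loaded, so if vnat0 is created after pf starts the load may fail; `($vm_if:network)` or the new `$vm_net` macro avoids depending on the interface existing at that point. `ext_ifs` and `vm_net` are defined but not referenced anywhere in the hunk, so either use them in the NAT rules or drop them.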