From 4b4dca9a49dfd72845d98c0bb18317e2f6025402 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 4 Dec 2022 02:12:10 -0500
Subject: [PATCH] Allow the wireguard interfaces.
---
 ansible/roles/firewall/files/homeserver_pf.conf | 4 ++--
 ansible/roles/firewall/files/odofreebsd_pf.conf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ansible/roles/firewall/files/homeserver_pf.conf b/ansible/roles/firewall/files/homeserver_pf.conf
index 83ffeed..a374e05 100644
--- a/ansible/roles/firewall/files/homeserver_pf.conf
+++ b/ansible/roles/firewall/files/homeserver_pf.conf
@@ -3,7 +3,7 @@ jail_net_v4 = "10.193.223.0/24"
 full_nat_v4 = "10.213.177.0/24"
 dhcp = "{ bootpc, bootps }"
-# allow = "{ }"
+allow = "{ wgh wgf }"
 tcp_pass_in = "{ 22 }"
 udp_pass_in = "{ 53 51820 }"
@@ -32,7 +32,7 @@ pass out on $ext_if
 # `service pf reload` but interfaces that we `skip` will not update (I
 # forget if its from adding, removing, or both. TODO: test to figure
 # it out)
-# pass quick on $allow
+pass quick on $allow
 pass on $ext_if proto icmp all
 pass on $ext_if proto icmp6 all
diff --git a/ansible/roles/firewall/files/odofreebsd_pf.conf b/ansible/roles/firewall/files/odofreebsd_pf.conf
index f82f37e..16c77e8 100644
--- a/ansible/roles/firewall/files/odofreebsd_pf.conf
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@@ -3,7 +3,7 @@ jail_net_v4 = "10.193.223.0/24"
 full_nat_v4 = "10.213.177.0/24"
 dhcp = "{ bootpc, bootps }"
-# allow = "{ host_uplink0 }"
+allow = "{ wgf wgh }"
 tcp_pass_in = "{ 22 }"
 udp_pass_in = "{ 53 51820 }"
@@ -30,7 +30,7 @@ pass out on $ext_if
 # `service pf reload` but interfaces that we `skip` will not update (I
 # forget if its from adding, removing, or both. TODO: test to figure
 # it out)
-# pass quick on $allow
+pass quick on $allow
 pass on $ext_if proto icmp all
 pass on $ext_if proto icmp6 all
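Review bot: The newly enabled `pass quick on $allow` in the second hunk of homeserver_pf.conf (and the matching second hunk of odofreebsd_pf.conf) passes every protocol and port in both directions on wgh and wgf, and `quick` ends rule evaluation, so no later rule can narrow it. Each WireGuard peer is therefore trusted as much as the host itself and can reach any listening service, not only those listed in `tcp_pass_in` and `udp_pass_in`. If full trust of the tunnels is intended, record that above the rule, e.g. `# wgh/wgf are WireGuard tunnels to fully trusted hosts; all traffic on them is passed unfiltered`. Otherwise scope the rule, for example `pass in quick on $allow proto tcp from any to any port $tcp_pass_in`, with a separate outbound rule. The ruleset continues outside both hunks, so an earlier `block` or `quick` rule that is not visible here may already constrain this.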