From 6420db5385d77c6bd7043d8918f63de4c2edf154 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sat, 13 Jul 2024 15:39:06 -0400
Subject: [PATCH] Pipe not working.

---
 ansible/roles/firefox/defaults/main.yaml        | 12 ++++++++++++
 ansible/roles/firewall/files/homeserver_pf.conf |  7 +++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/firefox/defaults/main.yaml b/ansible/roles/firefox/defaults/main.yaml
index a928558..6517d50 100644
--- a/ansible/roles/firefox/defaults/main.yaml
+++ b/ansible/roles/firefox/defaults/main.yaml
@@ -21,3 +21,15 @@ firefox_config:
   privacy.globalprivacycontrol.enabled: true
   # Disable "studies" (slice testing)
   app.shield.optoutstudies.enabled: false
+  # Disable attribution which is used by advertisers to track you.
+  dom.private-attribution.submission.enabled: false
+  # Disable battery status, used to track users.
+  dom.battery.enabled: false
+  # Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
+  dom.event.clipboardevents.enabled: false
+  # Resist fingerprinting
+  privacy.resistFingerprinting: true
+  # Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
+  privacy.firstparty.isolate: true
+  # Do not preload URLs that auto-complete in the address bar.
+  browser.urlbar.speculativeConnect.enabled: false
diff --git a/ansible/roles/firewall/files/homeserver_pf.conf b/ansible/roles/firewall/files/homeserver_pf.conf
index 240c3fd..7ebcfb5 100644
--- a/ansible/roles/firewall/files/homeserver_pf.conf
+++ b/ansible/roles/firewall/files/homeserver_pf.conf
@@ -52,13 +52,12 @@ nat pass on jail_nat proto {tcp, udp} from any to 10.215.1.216 port 22 -> 10.215
 rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 10.215.1.202
 
 # filtering
+# match in on jail_nat from any to any dnpipe(1, 2)
+# match in on restricted_nat from any to any dnpipe(1, 2)
+
 block log all
 pass out on $ext_if
 
-# match in on jail_nat from any to any dnpipe 1
-# match in on jail_nat from any to $rfc1918 dnpipe 2
-# match in on restricted_nat from any to any dnpipe 1
-
 pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from $jail_nat_v4