Enable firewall for laptop on FreeBSD.

ansible/environments/laptop/host_vars/odofreebsd

@@ -5,10 +5,10 @@ zfs_snapshot_datasets:
   - path: zroot/freebsd/current/be/default
 sshd_enabled: true
 sshd_conf: "sshd_config"
-#pf_config: "odofreebsd_pf.conf"
-#pflog_conf:
-#  - name: 0
-#    dev: pflog0
+pf_config: "odofreebsd_pf.conf"
+pflog_conf:
+ - name: 0
+   dev: pflog0
 # dummynet_config: "dnctl.conf"
 network_rc: "odofreebsd_network.conf"
 rc_conf: "odofreebsd_rc.conf"

ansible/roles/firewall/files/odofreebsd_pf.conf

@@ -2,7 +2,6 @@ ext_if = "{ wlan0 }"
 not_ext_if = "{ !wlan0 }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
-dns_redirect = "{ 10.193.223.1 10.213.177.1 10.215.1.1 }"
 
 dhcp = "{ bootpc, bootps }"
 #allow = "{ wgf wgh drmario colo }"
@@ -15,9 +14,15 @@ udp_pass_in = "{ 53 51820 }"
 # options
 set skip on lo
 
+# queueing
+# altq on wlan0 cbq queue { def, stuff }
+# queue def cbq(default borrow)
+# queue stuff bandwidth	8Mb cbq { dagger }
+# queue dagger cbq(borrow)
+
 # redirections
-#nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
-#rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
+nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
+rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
 
 # Redirect jaeger ports to virtual machine.
 # nat pass on lo inet from 127.0.0.0/24 to 127.0.0.0/24 port {6831 6832 16686 14268} -> (jail_nat)
@@ -27,9 +32,9 @@ set skip on lo
 block log all
 pass out on $ext_if
 
-#pass in on jail_nat
+pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
-#pass out on jail_nat from $jail_nat_v4
+pass out on jail_nat from $jail_nat_v4
 
 # We pass on the interfaces listed in allow rather than skipping on
 # them because changes to pass rules will update when running a