virtual box

How to set up PF firewall in Mac OS X?

Given:
Host machine:

• OS X
  

Virtual machines:

• Parallels
  
• Linux Mint
  
• Windows 8, 10
  

Network access

• 4G modem Yota
  

Virtual machines are now receiving the network via shared network
What needs to be done

• Allow access to only 3 IP addresses (3 vpn servers) on the host machine (VPN server addresses)
  
• Make sure that each virtual machine uses its own VPN server, regardless of the host machine (Mac OS X), which will also have its own VPN, traffic should go separately
  
• Enable DNS, ICMP, local network to work normally
  

I'm trying to find a simple and concise solution without additional installation of IceFloor, Murus Firewall, etc.
Mac OS X comes with the wonderful OpenBSD PF firewall.

• .plist for autoplay rules already written
  
• If there are options with a mini router (I saw there are microrouters based on linux, bsd) - a ready-made image of a virtual machine in which you could set up a VPN or several VPN connections and make a bridged connection from working virtual machines, this would also be a solution.
  
• I am ready to consider VirtualBox as an alternative, but, unfortunately, it works much worse than Parallels in OS X.
  

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0 //EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0">
<dict>
  <key>Label</key>
    <string>com.pf.customized</string>
  <key>Program</key>
    <string>/sbin/pfctl</string>
  <key>ProgramArguments</key>
    <array>
      <string>/sbin/pfctl</string>
      <string>-e</string>
      <string>-f</string>
      <string>/etc/pf/pf.customized.conf</string>
    </array>
  <key>RunAtLoad</key>
    <true/>
  <key>ServiceDescription</key>
    <string>Packet Filter (pf) Firewall</string>
  <key>StandardErrorPath</key>
    <string>/var/log/pf.log</string>
  <key>StandardOutPath</key>
    <string>/var/log/pf.log</string>
</dict>
</plist>