[tor-relays] TransPort: Convert iptables to pf _ nat
Felix
zwiebel at quantentunnel.de
Tue Dec 27 08:39:42 UTC 2016
>>> scrub in all
>>> nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB
>>> rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL ->
>>> $IP_JAIL_TOR port $PORT_TOR_JAIL
>>
>> That looks good.
>>
>> There is no "pass out quick" or "pass out on" statement?
>
> Sure, there is.
> pass out on $ext_if proto { tcp udp icmp } all modulate state
Remove 'pass' from 'nat pass' if the packet shall flow through the 'pass
out' rule after 'nat'. Otherwise it will pass out without respect to any
rule.
https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5#end
--
imho, looking forward to 33C3 :)
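
The change suggested in the message above, written out as a pf.conf fragment. This is an added example, not part of the original message or the poster's ruleset: the macro values are constructed placeholders, and the default-deny `block` rule is an assumption added to show what the filter stage does once the packet reaches it.

```conf
# Constructed placeholder values (assumptions, not from the thread)
ext_if        = "em0"            # external interface name
NET_JAIL      = "10.0.0.0/24"    # jail network
IP_PUB        = "192.0.2.10"     # public address (documentation range)
IP_JAIL_TOR   = "10.0.0.2"       # Tor jail address
PORT_TOR_JAIL = "9001"           # Tor port inside the jail

scrub in all

# Before: with the 'pass' modifier, packets matching the nat rule leave
# without being evaluated against any filter rule below.
# nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB

# After: translate only. The packet then continues to the filter rules.
nat on $ext_if from $NET_JAIL to any -> $IP_PUB

# Unchanged from the thread: inbound redirect to the Tor jail.
rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL -> $IP_JAIL_TOR port $PORT_TOR_JAIL

# Filter rules. Translation happens before filtering, so outbound jail
# traffic is matched here with $IP_PUB as its source address.
block out log on $ext_if all     # assumption: default-deny, not shown in the thread
pass out on $ext_if proto { tcp udp icmp } all modulate state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; after loading, `pfctl -sn` and `pfctl -sr` list the active translation and filter rules, so you can confirm the nat rule no longer carries `pass`.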