pf: redirect a packet's port but not its address?
Andrey V. Elsukov
bu7cher at yandex.ru
Tue Jan 23 14:16:36 UTC 2018
On 23.01.2018 03:35, Alan Somers wrote:
> All of these problems could be solved if pf were able to redirect a
> packet's destination port but not its address. You could bind the daemon
> to INADDR_ANY instead of localhost, and the packet it receives would be
> destined to the same address that the sender intended.
>
> Unfortunately, pf currently lacks this capability. But it looks like it
> could be added without breaking existing pf.conf syntax. Would this be a
> good idea?
>
> I don't use ipfw, but from reading the man page I believe that it has the
> same problem.
I think ipfw should work with such configuration using "fwd" action,
since TCP/UDP has special handling for this.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20180123/776df0a4/attachment.sig>
More information about the freebsd-net
mailing list