PF Question
Patrick M. Hausen
hausen at punkt.de
Sun Nov 22 18:38:04 UTC 2020
Hi!
> On 21.11.2020 at 23:42, Saad, Mark <Mark.Saad at lucera.com> wrote:
> This is sort of an abstract question. When using pf to only perform nat, do I need to have at least one
> rule? Can I omit the boilerplate "scrub rule"? Other than allowing fragments and other fun
> stuff to get past, would this have any other implications?
Here’s my /etc/pf.conf on my DigitalOcean droplet that I use
as a WireGuard endpoint if I need a "US IP address" for some reason:
—————
root at do:~ # cat /etc/pf.conf
nat on vtnet0 from 192.168.254.0/24 to any -> 134.209.*.*
nat on vtnet0 from 2003:a:****:****::/64 to any -> 2604:a880:400:d1::****:****
pass all
—————
6to6-NAT because of the restrictions of that droplet (cheapest tier).
And pf because ipfw could not do 6to6 last I checked - I am way more
familiar with ipfw.
But I guess that answers your question with a clear yes.
Kind regards,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure
Kaiserallee 13a
76133 Karlsruhe
Tel. +49 721 9109500
https://infrastructure.punkt.de
info at punkt.de
AG Mannheim 108285
Managing Directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
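
For contrast with the NAT-only ruleset in the message above, this variant adds the scrub line the question asks about and replaces `pass all` with a default-deny filter; it is an added example, not part of the original post. The documentation-range addresses stand in for the masked ones, and the `wg0` interface name, UDP port 51820 and SSH on port 22 are assumptions.

```pf
# Added example, not from the original message.
# Constructed placeholders: 198.51.100.10 and 2001:db8:1::10 replace the
# droplet's masked addresses, 2001:db8:2::/64 the masked inner prefix.
# Assumptions: tunnel interface wg0, WireGuard on UDP 51820, SSH on TCP 22.
ext_if  = "vtnet0"
wg_if   = "wg0"
wg_port = "51820"
ext_ip4 = "198.51.100.10"
ext_ip6 = "2001:db8:1::10"
wg_net4 = "192.168.254.0/24"
wg_net6 = "2001:db8:2::/64"

# pf expects options, normalization, translation, filtering in this order
# (enforced by default through "set require-order").
set skip on lo0

# Normalization: reassemble fragments before NAT and filter rules see them.
scrub in all fragment reassemble

# Translation: the same two NAT rules as the NAT-only ruleset.
nat on $ext_if inet  from $wg_net4 to any -> $ext_ip4
nat on $ext_if inet6 from $wg_net6 to any -> $ext_ip6

# Filtering: default deny instead of "pass all".
block all

# IPv6 neighbor discovery and error reporting have to keep working.
pass quick inet6 proto icmp6

# Inbound from the Internet: only the tunnel endpoint and management.
pass in on $ext_if proto udp to { $ext_ip4 $ext_ip6 } port $wg_port
pass in on $ext_if proto tcp to { $ext_ip4 $ext_ip6 } port 22

# Tunnel clients may enter via wg0; translated and host traffic may leave.
pass in  on $wg_if from { $wg_net4 $wg_net6 }
pass out on $ext_if
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches ordering and syntax errors before the ruleset goes live on a remote host.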