I just returned to pf after a year (maybe longer) away from it. I had fun returning to pf and getting my Soekris running as a router / VPN / blah blah blah. This post is mostly stuff I’ll need to remember in the future if / when I get stuck doing other stuff.
The new scrub rule format looks like this:
match in all scrub (options)
Need to remember this.
And as for the NAT rules, here’s an easy starter:
nat on $RED_IF inet from $GREEN_IF:network to any -> ($RED_IF)
As for binat you’re on your own.
Lastly, reassemble tcp tends to screw up ssh on the outbound side, so don’t use it there (i.e. no match out all scrub (reassemble tcp)).
That’s all for now.
April 19, 2010, 11:22pm
