Date: Sun, 22 Nov 2020 19:37:54 +0100
From: "Patrick M. Hausen" <hausen@punkt.de>
To: "Saad, Mark" <Mark.Saad@lucera.com>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: PF Question
Message-ID: <749A9FE5-0F1C-4829-AC34-EB0C45C30EAA@punkt.de>
In-Reply-To: <BL0PR12MB47564448F65D65C5F43F776095FE0@BL0PR12MB4756.namprd12.prod.outlook.com>
References: <BL0PR12MB47564448F65D65C5F43F776095FE0@BL0PR12MB4756.namprd12.prod.outlook.com>
Hi!

> On 21.11.2020 at 23:42, Saad, Mark <Mark.Saad@lucera.com> wrote:
> This is sort of an abstract question. When using pf to only perform nat do I need to have at least one
> rule ? Can I omit the boiler plate "scrub rule " ? Other than allowing fragments and other fun
> stuff to get passed would this have any other implications ?

Here’s my /etc/pf.conf on my DigitalOcean droplet that I use as a WireGuard endpoint if I need a „US IP address“ for some reason:

—————
root@do:~ # cat /etc/pf.conf
nat on vtnet0 from 192.168.254.0/24 to any -> 134.209.*.*
nat on vtnet0 from 2003:a:****:****::/64 to any -> 2604:a880:400:d1::****:****
pass all
—————

6to6-NAT because of the restrictions of that droplet (cheapest tier). And pf because ipfw could not do 6to6 last I checked - I am way more familiar with ipfw.

But I guess that answers your question with a clear yes.

Kind regards,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein
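
For contrast with the NAT-only ruleset in the message above, this is an added example (not part of the thread and not the author's configuration) of the same translation with the scrub rule the question mentions and a default-deny filter in place of `pass all`. The interface name `wg0`, UDP port 51820, SSH on port 22 and the 2001:db8 documentation addresses are assumptions or placeholders.

```conf
# Added example. Assumed names: wg0 (WireGuard interface), UDP 51820
# (WireGuard listen port), TCP 22 (SSH). The 2001:db8 values are
# documentation-prefix placeholders, not addresses from the message.
ext_if  = "vtnet0"
wg_if   = "wg0"
wg_net  = "192.168.254.0/24"
wg_net6 = "2001:db8:1::/64"      # placeholder
ext_ip6 = "2001:db8:2::1"        # placeholder

set skip on lo0

# Normalization: reassemble fragments before translation and filtering,
# so rules always evaluate complete packets.
scrub in all fragment reassemble

# Translation: same job as the two nat rules in the message.
# ($ext_if) follows the interface's IPv4 address instead of hard-coding it.
nat on $ext_if inet  from $wg_net  to any -> ($ext_if)
nat on $ext_if inet6 from $wg_net6 to any -> $ext_ip6

# Filtering: default deny inbound; pass rules keep state by default.
block in all
pass out all

# IPv6 neighbor discovery must still reach the host.
pass in on $ext_if inet6 proto ipv6-icmp all

# Services on the droplet itself.
pass in on $ext_if inet proto udp to ($ext_if) port 51820
pass in on $ext_if inet proto tcp to ($ext_if) port 22

# Tunnel clients may go anywhere; their outbound packets are then
# translated by the nat rules above.
pass in on $wg_if from { $wg_net, $wg_net6 } to any
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sn` and `pfctl -sr` list the translation and filter rules that are active afterwards.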
