From owner-freebsd-net@freebsd.org Sat Nov 21 22:42:44 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 904104727F0 for ; Sat, 21 Nov 2020 22:42:44 +0000 (UTC) (envelope-from prvs=9594a43ac5=mark.saad@lucera.com) Received: from mx0b-0017d602.pphosted.com (mx0b-0017d602.pphosted.com [148.163.153.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "Thawte RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CdpMl5MT9z3km9 for ; Sat, 21 Nov 2020 22:42:43 +0000 (UTC) (envelope-from prvs=9594a43ac5=mark.saad@lucera.com) Received: from pps.filterd (m0101316.ppops.net [127.0.0.1]) by mx0b-0017d602.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 0ALMeOGd013508 for ; Sat, 21 Nov 2020 17:42:42 -0500 Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2100.outbound.protection.outlook.com [104.47.55.100]) by mx0b-0017d602.pphosted.com with ESMTP id 34y0h8h260-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sat, 21 Nov 2020 17:42:42 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Krb3GbUvSLHmCa56HWerM6rtvgK1sblwUL0lx1xwSB563kgkmsD1dM3a4MqE1BF5Jr4vTbvCIcwzFbT5jo/IcNztO6tzvVoVWGW5ePfhzRDKlNsOjn0a0qoPmfuNwDQA7L0PiS5DbKOJpfQcP6RviPgHAlPMna/fy4xGNlFAm9LAbzBBH+tk7to+bPWsxpgDCAlXTqsdXE7dwcgM2w0ykFgiF/XZLqmOInG5mB/oF3UR0PE6QK2uwTgOS3zocr73zPZwTYEQofN5x9hIr7kGmH1r5m84XddFGudYBYbUVRdNX81mFezt/dU4+ejzo/wOS4yBVt3kcf1WD+PqajRZgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6y58v0WK1A8t1lTUc1DHpwBi1EWAQFKBpTOK1jQyDDc=; b=kBrdNmM2ML7G7JKVUyumji22we6eSMTRVu1dRl+x+GmH5mvM9KGntLgp/SMt94/apQPa+n84H0ATvPq1T5L2WmZLCaUUt3AVb9o5T129AfIT2W/PgpYcax30IbgthTs96o9Hiu/7h30fDooHTAj80Tva+kayofbxzYsHmiOu8nrpUkPTroWXwh5nkv5GwgipCbQBNDWbiEGvsbAVqBCt6SdDB2n2CJwC6axZ/MKH3teC3JmqREqC4He/vVz1P3Hf3IfqkicietCOvXq52HE08q0ONY53IQzoNcixMP4LAwrOPOJfVb2hOh03DXWK73m0EoUDvH+Ccf0oMkrV3E/5hQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=lucera.com; dmarc=pass action=none header.from=lucera.com; dkim=pass header.d=lucera.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bgccs.onmicrosoft.com; s=selector1-bgccs-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6y58v0WK1A8t1lTUc1DHpwBi1EWAQFKBpTOK1jQyDDc=; b=HHOWoC2N3PgAReRBuwRE46Jt/kQoVosGj1TGtEsiaokXJnbNHRuTUd5BLm1Rl6gFO1OUYNIJJrmXJhRU/x7uM8U01wF7Z6QZXTmcg3nHrx7u5aMMIzeF366E8ub3zeFgZjiJxUtK2yUSbs/g/IsC2eQ/mXWiE/rr4aNDp21zRfQ= Received: from BL0PR12MB4756.namprd12.prod.outlook.com (2603:10b6:208:8d::29) by MN2PR12MB3965.namprd12.prod.outlook.com (2603:10b6:208:168::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.21; Sat, 21 Nov 2020 22:42:38 +0000 Received: from BL0PR12MB4756.namprd12.prod.outlook.com ([fe80::ecf2:6e89:1581:11a]) by BL0PR12MB4756.namprd12.prod.outlook.com ([fe80::ecf2:6e89:1581:11a%7]) with mapi id 15.20.3564.035; Sat, 21 Nov 2020 22:42:38 +0000 From: "Saad, Mark" To: "freebsd-net@freebsd.org" Subject: PF Question Thread-Topic: PF Question Thread-Index: AQHWwFXatOMGIQSGckCCD3e/4yuo1Q== Date: Sat, 21 Nov 2020 22:42:37 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [96.232.87.29] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: dc655545-af10-4345-bb80-08d88e6ebf94 x-ms-traffictypediagnostic: MN2PR12MB3965: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: eLwFSmuUlFm42FptF+EZAiVMta9RbZrLru/+y2iK2+G+0bLy6/lUyhs8oy0/av/4NXT5LNsG5SlYVbHHLQRwWD9ppgrZY7+zoWpQheM5e+ML5d9QqmhkIFrx/+jPfRBhjGQVmIeztE4yG1tGNynI0S7use2p7WqAaQgkZ4Qfg0FEjr/fQ0+ciX3H/qdCVYJVuRNTMmPRht8oM/xlgNPLh37HB/8PcEYgihgfJVYSrnG+3G45GSKBFMuc060MMvdSogrgJB9yU+StCC2qRk63vesjfnzKraaRCgmnFOUACN59kr0MQYRmSVIwy2941RLvKYAAZfrV8ePoxRsD7J8++A== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR12MB4756.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(39860400002)(136003)(396003)(346002)(376002)(7696005)(66476007)(71200400001)(2906002)(52536014)(6916009)(7116003)(478600001)(66446008)(64756008)(5660300002)(8936002)(3480700007)(9686003)(316002)(8676002)(26005)(4744005)(33656002)(66946007)(6506007)(55016002)(86362001)(186003)(76116006)(66556008); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: jZ5a5d3QgM4yTq4ZlVkQojSm3seKcBKvLAou6KQn8pUwLA+F9amE0r/GLreNUuBiNN/aKmnivn/6Gt7N4ZqnDFU9+Jd6vAoWvr5WOTQVPj1yoDp+lGuS7DvaM1+7IGIr8LLweb5bVdHPI1HHPFZsZxmjysw6f+kTPuPTTW+wZgxqC1V7llt+1TQKO73VCNyPqDvDm13gOnHqRxfoDwzoj+1LVkglkgObEX9tz5TJlPj/9veBFXFlIRndRQNNR7mwxJj/v4zSOQIa2vDO8bupx+7yk9GpFV29V+IJPZrHqlJ+41bAO7OJ1FuyX2GoMJ4l87IItM9yvR7blXflfDw6V88aKXgbKqLunGQ8xGzP6uBlXBh+/3bb9V1uvVSMQp6Iir0wlX8zAVzSpUdauARFN7I1+hJn5lP4NrpynAT8Ut0FV0yo+8n5i+9D47zfSMZDMLxj5fvxdLnf33Rrn1G87liSRHc2KH+7obI1bgG10vdr8OppMZHL0vc4brJd/DBixpsCOhrigOpywzKktlVGau0ciakR3jV7VaTomyMnIhVi5eIY9DUxegDtAbTcmsBYpUdFqr6XQjihSiDMttwNGJg0lkqVRpHKyLSZvx4LzD1E3nes54ErWRbC+fPqDSCQ8JaLyePYC/ocIPpD2tEpag== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: lucera.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BL0PR12MB4756.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: dc655545-af10-4345-bb80-08d88e6ebf94 X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Nov 2020 22:42:37.9400 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: cfeb5f5e-839a-44b8-ab46-47157d8f1241 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: obqHRJyEB5MYhvlPTaCodi0GFeuSZVCScfBVaQEACNhqofnDTGL3if6tmEND9rhKA1jMKrpd80S9iiwk2eZ7lA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB3965 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-21_04:2020-11-20, 2020-11-21 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=498 phishscore=0 clxscore=1015 priorityscore=1501 spamscore=0 adultscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 bulkscore=0 mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2011210159 X-Rspamd-Queue-Id: 4CdpMl5MT9z3km9 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=bgccs.onmicrosoft.com header.s=selector1-bgccs-onmicrosoft-com header.b=HHOWoC2N; arc=pass (microsoft.com:s=arcselector9901:i=1); dmarc=none; spf=pass (mx1.freebsd.org: domain of prvs=9594a43ac5=mark.saad@lucera.com designates 148.163.153.124 as permitted sender) smtp.mailfrom=prvs=9594a43ac5=mark.saad@lucera.com X-Spamd-Result: default: False [-4.50 / 15.00]; HAS_XOIP(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:148.163.153.124]; DKIM_TRACE(0.00)[bgccs.onmicrosoft.com:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCVD_TLS_LAST(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[148.163.153.124:from]; ASN(0.00)[asn:22843, ipnet:148.163.152.0/22, country:US]; MIME_TRACE(0.00)[0:+]; FROM_NEQ_ENVFROM(0.00)[Mark.Saad@lucera.com,prvs=9594a43ac5=mark.saad@lucera.com]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; RCVD_COUNT_FIVE(0.00)[5]; R_DKIM_ALLOW(-0.20)[bgccs.onmicrosoft.com:s=selector1-bgccs-onmicrosoft-com]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; DMARC_NA(0.00)[lucera.com]; FORGED_SENDER_VERP_SRS(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[148.163.153.124:from:127.0.2.255]; RCVD_IN_DNSWL_NONE(0.00)[148.163.153.124:from]; TO_DN_EQ_ADDR_ALL(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[148.163.153.124:from]; MAILMAN_DEST(0.00)[freebsd-net] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Nov 2020 22:42:44 -0000 Hi Net=0A= This is sort of an abstract question. When using pf to only preform nat d= o I need to have at least one=0A= rule ? Can I omit the boiler plate "scrub rule " ? Other then allowing fra= gments and other fun=0A= stuff to get passed would this have any other implications ?=0A= =0A= =0A= ---=0A= Mark Saad=0A= Lucera Financial Infrastructures, LLC=0A= msaad@lucera.com=0A= =0A= =0A=