Hi!

> On 21.11.2020 at 23:42, Saad, Mark <[email protected]> wrote:
>
> This is sort of an abstract question. When using pf to only perform NAT do I
> need to have at least one rule? Can I omit the boilerplate "scrub rule"?
> Other than allowing fragments and other fun stuff to get passed would this
> have any other implications?

Here’s my /etc/pf.conf on my DigitalOcean droplet that I use as a WireGuard endpoint if I need a "US IP address" for some reason:

—————
root@do:~ # cat /etc/pf.conf
nat on vtnet0 from 192.168.254.0/24 to any -> 134.209.*.*
nat on vtnet0 from 2003:a:****:****::/64 to any -> 2604:a880:400:d1::****:****
pass all
—————

6to6-NAT because of the restrictions of that droplet (cheapest tier). And pf because ipfw could not do 6to6 last I checked - I am way more familiar with ipfw.

But I guess that answers your question with a clear yes.

Kind regards,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
[email protected]

AG Mannheim 108285
Managing directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
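
For comparison with the NAT-only ruleset in the reply, here is an added example (not part of the original thread, and not the poster's configuration) of the same IPv4 NAT with the scrub rule kept and "pass all" replaced by a stateful filter. The interface name wg0, UDP port 51820 for WireGuard and TCP port 22 for SSH are assumptions; vtnet0 and 192.168.254.0/24 come from the thread.

```conf
# Added example, FreeBSD pf syntax. Covers the IPv4 leg only:
# IPv6 matches no rule here and falls through to pf's implicit default pass.

ext_if = "vtnet0"             # external interface, as in the thread
wg_if  = "wg0"                # ASSUMED WireGuard interface name
wg_net = "192.168.254.0/24"   # tunnel network, as in the thread

# Options
set skip on lo0

# Normalization. With the default rule ordering this section has to come
# before translation. Reassembling fragments lets NAT and state matching
# work on whole packets instead of on individual fragments.
scrub in on $ext_if all fragment reassemble

# Translation. ($ext_if) follows the interface's current address, so the
# public address does not have to be written into the file.
nat on $ext_if inet from $wg_net to any -> ($ext_if)

# Filtering. This replaces "pass all": inbound IPv4 on the external
# interface is dropped unless a rule below admits it.
block in on $ext_if inet
pass in on $ext_if inet proto tcp to ($ext_if) port 22      # ASSUMED SSH port
pass in on $ext_if inet proto udp to ($ext_if) port 51820   # ASSUMED WireGuard port

# Tunnel clients may go out. Each pass rule creates state, so replies
# are matched to the state entry and need no rule of their own.
pass in on $wg_if inet from $wg_net to any
pass out on $ext_if inet all
```

Running pfctl -nf /etc/pf.conf parses the file without loading it, which catches ordering and syntax errors before the ruleset is applied.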
