On Thu, Jul 31, 2008 at 03:35:45PM -0500, Jacob Lambert wrote:
> Hi guys,
>
> I'm new to pf but am learning quick. I've got one pf box up and running
> and working great. Now I want to try to simplify things a bit.
>
> I have multiple VMs each with their own public IP that need nat and rdr
> rules. For now I've been duplicating the nat and rdr rules for each new
> virtual host. Currently there's only a few VMs but soon I'll have 30-50
> VMs each with mostly the same nat and rdr rules.
>
> Is there some way to simplify this by using lists or tables? (Which I
> know little about, but my 'Book of PF' is being shipped as we speak.)

binat might be what you're looking for. From pf.conf(5):

     binat
           A binat rule specifies a bidirectional mapping between an
           external IP netblock and an internal IP netblock.

Other than that I don't think there is any syntactic sugar to do what
you ask for. An idea could be to write a shell script to generate the
ruleset if the addresses and/or ports are systematic in some way.

Martin
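
The generator idea from the reply above, as an added example that is not part of the original thread: a POSIX shell function that reads "public private" address pairs and emits one binat rule per VM, refusing to produce any output if a line is malformed or an address is mapped twice. The `$ext_if` macro, the function names and all addresses are assumptions made for this sketch.

```sh
# Added example: turn a "public private" address list into pf binat rules.
# $ext_if is an assumed macro that the surrounding pf.conf must define.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1; IFS=$old_ifs          # split the address on dots
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_binat: read pairs on stdin, print one binat rule per pair on stdout.
# Rules are buffered and printed only if the whole list is valid, so a bad
# list never yields a partial ruleset.
gen_binat() {
    rules="" seen=" " lineno=0
    while read -r pub priv extra || [ -n "$pub" ]; do
        lineno=$((lineno + 1))
        case "$pub" in ""|"#"*) continue ;; esac   # blank line or comment
        if [ -n "$extra" ] || ! is_ipv4 "$pub" || ! is_ipv4 "$priv"; then
            echo "line $lineno: expected '<public-ip> <private-ip>'" >&2
            return 1
        fi
        case "$seen" in
            *" $pub "*|*" $priv "*)
                echo "line $lineno: address already mapped" >&2
                return 1 ;;
        esac
        seen="$seen$pub $priv "
        rules="${rules}binat on \$ext_if from $priv to any -> $pub
"
    done
    printf '%s' "$rules"
}

# Constructed sample mapping (documentation-range public addresses).
sample_map() {
    cat <<'EOF'
# public        private
203.0.113.11    10.0.0.11
203.0.113.12    10.0.0.12
EOF
}

sample_map | gen_binat
```

Write the output to a file and parse it with `pfctl -nf` before loading it; OpenBSD releases from 4.7 on express the same mapping with `binat-to` instead of a standalone binat rule.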