Martin Toft wrote:
> On Thu, Jul 31, 2008 at 03:35:45PM -0500, Jacob Lambert wrote:
>> Hi guys,
>>
>> I'm new to pf but am learning quick. I've got one pf box up and running
>> and working great. Now I want to try to simplify things a bit.
>>
>> I have multiple VMs each with their own public IP that need nat and rdr
>> rules. For now I've been duplicating the nat and rdr rules for each new
>> virtual host. Currently there's only a few VMs but soon I'll have 30-50
>> VMs each with mostly the same nat and rdr rules.
>>
>> Is there some way to simplify this by using lists or tables? (which I
>> know little about, but my 'Book of PF' is being shipped as we speak)
>
> binat might be what you're looking for. From pf.conf(5):
>
>     binat
>         A binat rule specifies a bidirectional mapping between an
>         external IP netblock and an internal IP netblock.

Cool, I'll look into that.

> Other than that I don't think there is any syntactic sugar to do what
> you ask for. An idea could be to write a shell script to generate the
> ruleset if the addresses and/or ports are systematic in some way.

Hehe, that's what I've been doing.

Thanks again!
-jacob
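
The generator-script idea from the thread, as an added example that is not code from either poster: one inventory drives all per-VM `nat` and `rdr` rules, and every field is validated before it is written into the ruleset. The addresses are constructed documentation/private ranges, and the `ext_if` macro name and the `VM_MAP`, `is_ipv4` and `gen_rules` names are assumptions.

```shell
#!/bin/sh
# Added example: generate per-VM nat/rdr rules (the pf syntax used in this
# thread) from one inventory, validating each field before it is emitted.

# Constructed inventory: public IP, internal IP, comma-separated TCP ports.
VM_MAP='
# public     internal    tcp-ports
192.0.2.10   10.0.0.10   22,80,443
192.0.2.11   10.0.0.11   80,443
'

# Succeed only for a dotted quad whose octets are all 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read inventory lines on stdin, write pf translation rules on stdout.
# $1 is the name of the external-interface macro (assumed: ext_if).
gen_rules() {
    ext_if=${1:-ext_if}
    while read -r pub int ports; do
        case "$pub" in ''|'#'*) continue ;; esac
        is_ipv4 "$pub" && is_ipv4 "$int" ||
            { echo "bad address: $pub $int" >&2; return 1; }
        case "$ports" in
            ''|*[!0-9,]*|,*|*,|*,,*)
                echo "bad port list for $pub" >&2; return 1 ;;
        esac
        plist=$(echo "$ports" | sed 's/,/, /g')
        echo "nat on \$$ext_if from $int to any -> $pub"
        # No port after the target: the destination port is kept as-is.
        echo "rdr on \$$ext_if proto tcp from any to $pub port { $plist } -> $int"
    done
}

printf '%s\n' "$VM_MAP" | gen_rules ext_if
```

Parse the resulting ruleset with `pfctl -nf <file>` before loading it, so a bad inventory line never reaches the running firewall.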