scrub in all
nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB
rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL -> $IP_JAIL_TOR port $PORT_TOR_JAIL
That looks good.
There is no "pass out quick" or "pass out on" statement?
Sure, there is.
pass out on $ext_if proto { tcp udp icmp } all modulate state
Remove 'pass' from 'nat pass' if the packet shall flow through the 'pass
out' rule after 'nat'. Otherwise it will pass out without respect to any
rule.
[] https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5#end
--
imho, looking forward to 33C3 :)
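
The advice above as a pf.conf fragment, added here as an illustration and not taken from any poster's configuration. The macro values and the `block out` default are assumptions; the nat, rdr and pass rules are the ones quoted in the thread.

```conf
# Constructed macro values (documentation addresses), not from the thread.
ext_if        = "em0"
NET_JAIL      = "10.0.0.0/24"
IP_PUB        = "203.0.113.10"
IP_JAIL_TOR   = "10.0.0.2"
PORT_TOR_JAIL = "9001"

scrub in all

# Before: 'nat pass' translates jail traffic and passes it immediately,
# so the filter rules further down are never evaluated for it.
# nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB

# After: translate only. The packet then goes through the filter rules,
# which see the translated source address ($IP_PUB).
nat on $ext_if from $NET_JAIL to any -> $IP_PUB

# Inbound redirect as posted in the thread (unchanged).
rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL -> $IP_JAIL_TOR port $PORT_TOR_JAIL

# Assumed default policy, so that only explicitly passed traffic leaves.
block out on $ext_if all

# The thread's outbound rule now decides what the jail may send.
pass out on $ext_if proto { tcp udp icmp } all modulate state

# Check: pfctl -nf /etc/pf.conf (parse only), then pfctl -sn and pfctl -sr
# to list the loaded translation and filter rules.
```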