PF firewall: how to disable all filtering on the loopback interface except for specific port-forwarding rules?


A PF question on OS X Yosemite 10.10.4:

I know that "set skip on lo0" disables all filtering (nat and rdr) on lo0, but what if I need to keep the httpd port-forwarding rules on this interface and disable all other filtering:

rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443

How can I do this?

pf.conf:

### MACROS
lan_int="en0"
wifi_int="en2"

###----- OPTIONS ------###
   set block-policy drop
   set fingerprints "/etc/pf.os"
   set ruleset-optimization basic

### disable all filtering on loopback interface
   set skip on lo0

###--- NORMALIZATION ---###
### Scrub incoming packets
   scrub in all no-df

###----- QUEUEING -----###

###--- TRANSLATION: ---###
### HTTPd Port Forwarding
   rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
   rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443

###---- FILTERING -----###
### Antispoof
   antispoof log quick for { lo0 $lan_int $wifi_int }

### Block by default but open ports only for internal interface lo0
   block in log
   block out log

Please help!!!

Answer 1

Finally I found the answer:

Use "pass on lo0 all" instead of "set skip on lo0".

Answer 2

Placed near the top (probably as the first filter rule), you can do the following:

pass quick on lo0 no state
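The complete ruleset below is an added example, not part of the original question or either answer. It applies the approach from Answer 2 to the asker's pf.conf: the "set skip on lo0" line is removed (it would bypass the rdr rules together with everything else), the rdr rules stay in the translation section, which PF evaluates before the filter section, and a "pass quick on lo0 no state" rule opens the filter section. The "quick" keyword matters because PF filter rules are otherwise last-match-wins, so a plain "pass on lo0" placed before "block in log" / "block out log" would be overridden by those later block rules. The interface names and ports are taken from the question; leaving lo0 out of the antispoof set is my choice, so that loopback traffic is governed only by the quick pass rule.

```pf
### MACROS
lan_int="en0"
wifi_int="en2"

###----- OPTIONS ------###
set block-policy drop
set fingerprints "/etc/pf.os"
set ruleset-optimization basic
# Deliberately no "set skip on lo0": that would also bypass the rdr rules below.

###--- NORMALIZATION ---###
scrub in all no-df

###--- TRANSLATION ---###
### HTTPd port forwarding on loopback. Translation rules are evaluated
### before the filter rules, and "rdr pass" already passes the redirected
### connections, so these keep working without "set skip".
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443

###---- FILTERING -----###
### First filter rule: let all other loopback traffic through and stop
### evaluation here. "quick" makes this rule final for lo0, so the block
### rules further down never apply to it; "no state" avoids creating
### state-table entries for purely local connections.
pass quick on lo0 no state

### Antispoof on the physical interfaces only (lo0 is handled above)
antispoof log quick for { $lan_int $wifi_int }

### Block everything else by default
block in log
block out log
```

Before loading this, parse it without applying it with "sudo pfctl -nf /etc/pf.conf"; then load it with "sudo pfctl -f /etc/pf.conf" and confirm the result with "sudo pfctl -sn" (translation rules) and "sudo pfctl -sr" (filter rules), where the pass quick rule for lo0 should appear as the first filter rule.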
