13th December 2013
jggimi

Hello, and welcome!

The major syntax changes, including changing the "rdr" directive to "rdr-to", occurred with the release of OpenBSD 4.7. The two releases supported at this time are 5.3 and 5.4.

From the pf.conf(5) man page for OpenBSD 4.6, the "no rdr" syntax was shown in this example:
Code:
     In the example below, packets bound for one specific server, as well as
     those generated by the sysadmins are not proxied; all other connections
     are.

         no rdr on $int_if proto { tcp, udp } from any to $server port 80
         no rdr on $int_if proto { tcp, udp } from $sysadmins to any port 80
         rdr on $int_if proto { tcp, udp } from any to any port 80 \
             -> 127.0.0.1 port 80
The syntax was simplified. With rdr-to directives usable with either pass or match rules, the equivalent to the no rdr rule is not needed. Here is the same example, from the 5.4 version of the same man page:
Code:
     In the example below, packets bound for one specific server, as well as
     those generated by the sysadmins are not proxied; all other connections
     are.

         pass in on $int_if proto { tcp, udp } from any to any port 80 \
               rdr-to 127.0.0.1 port 80
         pass in on $int_if proto { tcp, udp } from any to $server port 80
         pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80

Last edited by jggimi; 13th December 2013 at 06:33 PM. Reason: clarity
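Added illustration, not part of the post above or of the man page: a small Python model of why the rule order is reversed between the two man-page examples. Pre-4.7 translation rules are first-match-wins, while pass rules without `quick` are last-match-wins, so the exemptions move from the top to the bottom. The addresses standing in for `$server` and `$sysadmins` are constructed sample values, and the model covers rule ordering only, not pf itself.

```python
from ipaddress import ip_address

# Constructed sample values standing in for the $server and $sysadmins macros.
SERVER = ip_address("192.0.2.10")
SYSADMINS = {ip_address("10.0.0.5"), ip_address("10.0.0.6")}
PROXY = "127.0.0.1:80"

def matches(rule, pkt):
    """A rule matches port 80 traffic whose from/to constraints hold (None = any)."""
    if pkt["dport"] != 80:
        return False
    src_ok = rule["src"] is None or pkt["src"] in rule["src"]
    dst_ok = rule["dst"] is None or pkt["dst"] in rule["dst"]
    return src_ok and dst_ok

# 4.6 translation rules: "no rdr" exemptions first, catch-all rdr last.
OLD_RULES = [
    {"src": None, "dst": {SERVER}, "rdr": None},    # no rdr ... to $server
    {"src": SYSADMINS, "dst": None, "rdr": None},   # no rdr ... from $sysadmins
    {"src": None, "dst": None, "rdr": PROXY},       # rdr ... -> 127.0.0.1 port 80
]

# 5.4 filter rules: catch-all rdr-to first, plain pass exemptions afterwards.
NEW_RULES = [
    {"src": None, "dst": None, "rdr": PROXY},       # pass in ... rdr-to 127.0.0.1
    {"src": None, "dst": {SERVER}, "rdr": None},    # pass in ... to $server
    {"src": SYSADMINS, "dst": None, "rdr": None},   # pass in ... from $sysadmins
]

def evaluate_old(pkt):
    """Pre-4.7 translation rules: the first matching rule decides."""
    for rule in OLD_RULES:
        if matches(rule, pkt):
            return rule["rdr"]
    return None

def evaluate_new(pkt):
    """4.7+ pass rules without 'quick': the last matching rule decides."""
    result = None
    for rule in NEW_RULES:
        if matches(rule, pkt):
            result = rule["rdr"]
    return result

def packet(src, dst, dport=80):
    """Build a constructed sample packet."""
    return {"src": ip_address(src), "dst": ip_address(dst), "dport": dport}
```

Both evaluators return the proxy address for ordinary port 80 traffic and `None` (no redirection) for traffic to the server or from a sysadmin address.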