Saturday, November 1, 2008

Transparent proxy rules for PF

Another Firewall Builder CookBook chapter tries to reproduce the transparent proxy rules for PF found in the document "OpenBSD Packet Filter (pf)".
The same rules can also be found in many other places on the web, for example here: http://schools.coe.ru.ac.za/wiki/Configuring_transparent_proxy

These rules can be reproduced exactly for the most part, except for the inbound interface matching in the redirecting NAT rule. The Firewall Builder rule model for NAT rules does not provide a place for an interface, so this cannot be done exactly as the original requires. However, the rules I propose match the source address of the packets to achieve the same goal.
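The difference between the two forms of the redirect rule, as an added pf.conf sketch that is neither Firewall Builder output nor copied from the referenced document. The interface names, the 192.168.1.0/24 LAN and the proxy listening on 127.0.0.1 port 3128 are assumptions, and the syntax is the pre-4.7 PF translation syntax in use in 2008. The `antispoof` line is an addition that keeps source-address matching from being weaker than interface matching.

```pf
# Added example with constructed values (assumptions):
#   em0 = external interface, em1 = internal interface,
#   LAN = 192.168.1.0/24, proxy listens on 127.0.0.1:3128.
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.1.0/24"

# --- translation rules ---

# Form A: redirect bound to the inbound interface. Only packets that
# physically arrive on $int_if are sent to the proxy.
# rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

# Form B: no interface in the NAT rule. LAN clients are selected by
# source address instead.
rdr inet proto tcp from $lan_net to any port www -> 127.0.0.1 port 3128

# --- filter rules ---

# Form B trusts the source address, so drop any packet that claims a
# LAN source but arrives on an interface other than $int_if.
antispoof quick for $int_if inet

# Let redirected LAN connections reach the proxy, still tied to the
# internal interface at the filter stage.
pass in on $int_if inet proto tcp from $lan_net to 127.0.0.1 port 3128 keep state

# Let the proxy fetch pages from the outside.
pass out on $ext_if inet proto tcp from any to any port www keep state
```

The file can be syntax-checked without loading it using `pfctl -nf`, and the loaded translation rules can be listed with `pfctl -sn`.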

See the new Firewall Builder CookBook chapter here
