Monday, August 8, 2022

firewall – PF rule: redirect a connection to an original destination address that doesn’t belong to the local machine


Symptom:

  1. Add rule `rdr inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080`.
  2. Use `nc 1.1.1.1 80` to verify; the rule doesn’t take effect.
  3. Execute `ifconfig lo0 1.1.1.1 alias` to set 1.1.1.1 as a local IP; the rule will take effect.

Desired effect: `to any` can match any IP address, not only a local IP.

Linux equivalent: `iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080`

We do not have to use the rdr rule; if there are other mechanisms on macOS that can achieve the same effect, that is fine. However, we need to query the original destination peer, so we need a query mechanism like `ioctl(..., DIOCNATLOOK)` provided by the pf rdr rule.

Thanks 🙂
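
The Linux side of the comparison above, as an added example that is not part of the original post: once the iptables REDIRECT rule is in place, a listener on port 8080 can recover the original destination with getsockopt(SO_ORIGINAL_DST), which plays the role DIOCNATLOOK plays for pf. It is Linux-only and does not address the macOS case; the function names and the 127.0.0.1:8080 listener are assumptions.

```python
import socket
import struct

# Value of SO_ORIGINAL_DST in <linux/netfilter_ipv4.h>; Python's socket
# module does not export it.
SO_ORIGINAL_DST = 80
SOCKADDR_IN_LEN = 16  # sizeof(struct sockaddr_in)


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("buffer too short for sockaddr_in")
    # sin_family is in host byte order; sin_port and sin_addr are big-endian.
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Ask conntrack where a redirected TCP connection was really headed."""
    # Raises OSError when the kernel has no NAT entry for this connection.
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    return parse_sockaddr_in(raw)


def serve(port=8080):
    """Accept redirected connections and log their original destination."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen()
        while True:
            conn, peer = srv.accept()
            with conn:
                try:
                    ip, dport = original_dst(conn)
                    print("%s:%d wanted %s:%d" % (peer[0], peer[1], ip, dport))
                except OSError as exc:
                    print("%s:%d not redirected (%s)" % (peer[0], peer[1], exc))


if __name__ == "__main__":
    serve()
```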
