pekka wrote:
> Hi,
>
> is there a way to shorten these redirection rules with some macros
>
> server1 = 192.168.140.1
> server2 = 192.168.140.2
> server3 = 192.168.140.3
> server4 = 192.168.140.4
> rdp_port1 = 10001
> rdp_port2 = 10002
> rdp_port3 = 10003
> rdp_port4 = 10004
>
> pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port1 \
>     rdr-to $server1 port 3389
> pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port2 \
>     rdr-to $server2 port 3389
> pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port3 \
>     rdr-to $server3 port 3389
> pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port4 \
>     rdr-to $server4 port 3389
>
> The port number is always "server number + 10000"
>
> The manual says port ranges are supported with:
>
> pass in on tl0 proto tcp from any to any port 10001:10004 \
>     rdr-to 192.168.140.1 port 3389
>
> but is there a way to use similar ascending ordering for "servers"
> somehow like this:
>
> pass in on tl0 proto tcp from any to any port 10001:10004 \
>     rdr-to "192.168.140.1":"192.168.140.4" port 3389
>
> -pekka-
I'm not aware of such functionality. If it's not too much trouble I'd like to suggest using a script to generate these rules, e.g.:

#!/bin/sh
# first host number, loop counter, port offset, network prefix, number of servers
start=10; i=${start}; port=0; server="192.168.0."; nsrv=2;
while [ $i != $((nsrv+start)) ]; do
    # external port and last octet both follow the counter
    echo "port $((port+i)) rdr-to ${server}${i}"
    i=$((i+1))
done

generates:

port 10 rdr-to 192.168.0.10
port 11 rdr-to 192.168.0.11

(I'll leave it to you to fill in the blanks) If you redirect the output to a file, e.g. /etc/pf/rdp.rules, you can include that in your main pf.conf.
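As an added example (not code from pekka or from the reply above): a POSIX sh function that generates the complete rules from the question, one "pass in log ... rdr-to" per server with the external port equal to the host number plus a base port, and that refuses host numbers or ports outside the valid range before emitting anything. The function name, its parameters and the use of "ext_if" as the interface macro are assumptions.

```shell
#!/bin/sh
# gen_rdp_rules <prefix> <first> <last> <base_port> <if_macro> [log|""]
# Emits one pf rule per host in <prefix>.<first> .. <prefix>.<last>, where the
# external port is <base_port> + host number (e.g. 10000 + 1 -> 10001 for .1).
# Assumption: all servers share one /24 and are numbered consecutively.
gen_rdp_rules() {
    prefix=$1; first=$2; last=$3; base=$4; ifname=$5; log=${6-log}

    # Refuse anything that cannot be a valid host octet or TCP port, so a typo
    # in the range never produces a rule pf would reject (or redirect elsewhere).
    if [ "$first" -lt 1 ] || [ "$last" -gt 254 ] || [ "$first" -gt "$last" ] \
       || [ $((base + last)) -gt 65535 ]; then
        echo "gen_rdp_rules: host or port range out of bounds" >&2
        return 1
    fi

    n=$first
    while [ "$n" -le "$last" ]; do
        # "$" inside the single-quoted format is literal, so the macro names
        # reach pf.conf unexpanded; "\\" followed by "\n" continues the rule.
        printf 'pass in %s on $%s proto tcp from any to $%s port %d \\\n    rdr-to %s.%d port 3389\n' \
            "$log" "$ifname" "$ifname" $((base + n)) "$prefix" "$n"
        n=$((n + 1))
    done
}

# pekka's case: 192.168.140.1-4 reachable on 10001-10004.  Redirect stdout to
# e.g. /etc/pf/rdp.rules and include that file from pf.conf, as suggested above.
gen_rdp_rules 192.168.140 1 4 10000 ext_if
```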