On 2008/07/31 23:12, Martin Toft wrote:
> On Thu, Jul 31, 2008 at 03:35:45PM -0500, Jacob Lambert wrote:
> > Hi guys,
> >
> > I'm new to pf but am learning quick. I've got one pf box up and running
> > and working great. Now I want to try to simplify things a bit.
> >
> > I have multiple VMs each with their own public IP that need nat and rdr
> > rules. For now I've been duplicating the nat and rdr rules for each new
> > virtual host. Currently there's only a few VMs but soon I'll have 30-50
> > VMs each with mostly the same nat and rdr rules.
> >
> > Is there some way to simplify this by using lists or tables? (which I
> > know little about, but my 'Book of PF' is being shipped as we speak)
>
> binat might be what you're looking for. From pf.conf(5):
>
>     binat
>         A binat rule specifies a bidirectional mapping between an
>         external IP netblock and an internal IP netblock.
>
> Other than that I don't think there is any syntactic sugar to do what
> you ask for. An idea could be to write a shell script to generate the
> ruleset if the addresses and/or ports are systematic in some way.
>
> Martin
Could you use bitmask nat/rdr for the ports common to all machines, then add separate rules for any exceptions?
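As an added illustration of both suggestions in this thread (a script that generates the ruleset from a systematic address list, and a bitmask rdr for the ports common to all machines), here is a small POSIX sh generator. It is not code from the thread or from the pf project; the interface name em0, the 203.0.113.0/28 public block, the 10.0.0.0/28 internal block, the VM table and the port list are all constructed for the example. It emits one binat rule per VM plus a pass rule that only opens the ports that VM is meant to serve, and, separately, the single bitmask rdr that covers the common ports for the whole block.

```shell
#!/bin/sh
# Added example, not from the thread: generate pf nat/rdr/binat rules for
# many VMs from one table. All names and addresses below are constructed.

EXT_IF="em0"                   # assumed external interface name
COMMON_TCP_PORTS="22 80 443"   # ports every VM serves (constructed)
PUB_BLOCK="203.0.113.0/28"     # public block, host bits match INT_BLOCK
INT_BLOCK="10.0.0.0/28"        # internal block, same host numbering

# VM table (constructed): name, internal IP, public IP, optional extra
# TCP ports that only this VM needs. Keeping exceptions in the table is
# what lets the generated ruleset stay least-privilege per host.
VMS='
web1 10.0.0.11 203.0.113.11
web2 10.0.0.12 203.0.113.12
db1  10.0.0.13 203.0.113.13 5432
'

# Render a list of ports as a pf set: "{ 22, 80, 443 }".
port_set() {
    s=""
    for p in "$@"; do s="$s$p, "; done
    printf '{ %s }' "${s%, }"
}

# One binat (1:1, both directions) per VM, so no separate nat rule is
# needed for its outbound traffic, followed by a pass rule on the
# translated (internal) address limited to that VM's ports. binat maps
# every port, so the pass rule is what keeps the rest closed.
gen_ruleset() {
    printf '# generated: one 1:1 public<->private mapping per VM\n'
    printf '%s\n' "$VMS" | while read -r name int ext extra; do
        [ -n "$name" ] || continue
        ports=$(port_set $COMMON_TCP_PORTS $extra)
        printf 'binat on %s from %s to any -> %s\n' "$EXT_IF" "$int" "$ext"
        printf 'pass in on %s proto tcp from any to %s port %s\n' \
            "$EXT_IF" "$int" "$ports"
    done
}

# The bitmask alternative for the common ports: pf keeps the host bits of
# the destination, so 203.0.113.11 -> 10.0.0.11 and so on. This only works
# when the two blocks are aligned and every host keeps the same number in
# both; exceptions still need their own rdr/pass rules.
gen_bitmask_rdr() {
    printf 'rdr on %s proto tcp from any to %s port %s -> %s bitmask\n' \
        "$EXT_IF" "$PUB_BLOCK" "$(port_set $COMMON_TCP_PORTS)" "$INT_BLOCK"
}

# Print the generated rules when asked, e.g.:
#   GEN_RULES_PRINT=1 sh genrules.sh > /etc/pf.vms.conf && pfctl -nf /etc/pf.vms.conf
if [ "${GEN_RULES_PRINT:-0}" = 1 ]; then
    gen_ruleset
    gen_bitmask_rdr
fi
```

Always run the output through `pfctl -nf` (parse only) before loading it; a generator bug that drops a pass rule or a port set is silent otherwise. In 2008-era pf, filter rules see addresses after translation, which is why the pass rules above match on the internal IP.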