On Sep 1, 2004, at 20:11, Daniel Hartmeier wrote:

On Wed, Sep 01, 2004 at 06:43:45PM +0200, Matthijs Bomhoff wrote:

(Or is this already possible with pf, but did I just miss it? :)

Try the 'user' (or 'group') options, see pf.conf(5).

If an incoming connection matches a listening socket (on the firewall
itself), 'user != unknown' is true.

Maybe that can be used to do what you want?

For block rules, that would do I suppose, but for redirection it wouldn't, would it?

What I would like to do is something like the following (just an example):

rdr proto tcp to (dc0) port 80 ! open -> 10.0.2.2 port 80

I.e., redirect connections to the local webserver to some other host when the local webserver is not listening.
If I understand the pf.conf(5) man page, user/group is only applicable for packet filtering, not for redirection etc.


Any suggestions for such a thing?

Thanks for your time,

Matthijs
