Hi!

I did

pfctl -sr -a miniupnpd

You can see it also in pftop.

For example, if you test with the Windows 10 Xbox App (Networktest), don't close the app,
because it will delete the rules in the anchor.

You are right, hiding internal addresses is not productive.


Best regards

Chris


On 13.05.2022 at 11:42, Stuart Henderson wrote:
> On 2022/05/13 08:04, Peter N. M. Hansteen wrote:
>> On Thu, May 12, 2022 at 09:58:26PM +0200, Christian Kundela wrote:
>>> in the anchor it produces two rules:
>>>
>>> pass in quick on XXX inet proto udp from any to any port = XXXX label "XXXX" rdr-to X.X.X.X port XXXX
>>> nat quick on XXX inet proto udp from X.X.X.X port = XXXX to any label "XXXX" nat-to X.X.X.X port XXXX
>>
>> The "nat [quick] on" syntax stopped being valid on OpenBSD with the NAT rewrite
>> in OpenBSD 4.7, some 12 years ago. If you replace the "nat quick" with "pass quick"
>> at least the syntax will be valid.
>
> Something is mangled here, "nat quick on ..." never existed.
>
> How are you seeing these anchor rules Christian? Is that a direct
> paste from something before redacting addresses/etc? If it's
> retyped please check accuracy.
>
> Redacting the interface names and ports isn't really helpful to hiding
> anything and makes it hard to understand what is going on. Redacting
> addresses is ok but please do something to distinguish addresses and
> show which is internal/external.
