Changeset View
Changeset View
Standalone View
Standalone View
share/man/man5/pf.conf.5
Show First 20 Lines • Show All 1,992 Lines • ▼ Show 20 Lines | |||||
.It Ar static-port | .It Ar static-port | ||||
With | With | ||||
.Ar nat | .Ar nat | ||||
rules, the | rules, the | ||||
.Ar static-port | .Ar static-port | ||||
option prevents | option prevents | ||||
.Xr pf 4 | .Xr pf 4 | ||||
from modifying the source port on TCP and UDP packets. | from modifying the source port on TCP and UDP packets. | ||||
.It Xo Ar map-e-portset Aq Ar psid-offset | |||||
.No / Aq Ar psid-len | |||||
.No / Aq Ar psid | |||||
.Xc | |||||
With | |||||
.Ar nat | |||||
rules, the | |||||
.Ar map-e-portset | |||||
option enables the source port translation of MAP-E (RFC 7597) Customer Edge. | |||||
In order to make the host act as a MAP-E Customer Edge, setting up a tunneling | |||||
interface and pass rules for encapsulated packets are required in addition | |||||
to the map-e-portset nat rule. | |||||
.Pp | |||||
For example: | |||||
.Bd -literal -offset indent | |||||
nat on $gif_mape_if from $int_if:network to any \e | |||||
-> $ipv4_mape_src map-e-portset 6/8/0x34 | |||||
.Ed | |||||
.Pp | |||||
sets PSID offset 6, PSID length 8, PSID 0x34. | |||||
.Ed | |||||
.El | .El | ||||
.Pp | .Pp | ||||
Additionally, the | Additionally, the | ||||
.Ar sticky-address | .Ar sticky-address | ||||
option can be specified to help ensure that multiple connections from the | option can be specified to help ensure that multiple connections from the | ||||
same source are mapped to the same redirection address. | same source are mapped to the same redirection address. | ||||
This option can be used with the | This option can be used with the | ||||
.Ar random | .Ar random | ||||
▲ Show 20 Lines • Show All 879 Lines • ▼ Show 20 Lines | filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos | | ||||
"set prio" ( number | "(" number [ [ "," ] number ] ")" ) | | "set prio" ( number | "(" number [ [ "," ] number ] ")" ) | | ||||
"queue" ( string | "(" string [ [ "," ] string ] ")" ) | | "queue" ( string | "(" string [ [ "," ] string ] ")" ) | | ||||
"rtable" number | "probability" number"%" | "prio" number | "rtable" number | "probability" number"%" | "prio" number | ||||
nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | ||||
[ "on" ifspec ] [ af ] | [ "on" ifspec ] [ af ] | ||||
[ protospec ] hosts [ "tag" string ] [ "tagged" string ] | [ protospec ] hosts [ "tag" string ] [ "tagged" string ] | ||||
[ "-\*(Gt" ( redirhost | "{" redirhost-list "}" ) | [ "-\*(Gt" ( redirhost | "{" redirhost-list "}" ) | ||||
[ portspec ] [ pooltype ] [ "static-port" ] ] | [ portspec ] [ pooltype ] [ "static-port" ] | ||||
[ "map-e-portset" number "/" number "/" number ] ] | |||||
binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | ||||
[ "on" interface-name ] [ af ] | [ "on" interface-name ] [ af ] | ||||
[ "proto" ( proto-name | proto-number ) ] | [ "proto" ( proto-name | proto-number ) ] | ||||
"from" address [ "/" mask-bits ] "to" ipspec | "from" address [ "/" mask-bits ] "to" ipspec | ||||
[ "tag" string ] [ "tagged" string ] | [ "tag" string ] [ "tagged" string ] | ||||
[ "-\*(Gt" address [ "/" mask-bits ] ] | [ "-\*(Gt" address [ "/" mask-bits ] ] | ||||
▲ Show 20 Lines • Show All 185 Lines • Show Last 20 Lines |