pekka wrote:
> Hi,
>
> is there a way to shorten these redirection rules with some macros
>
> server1 = 192.168.140.1
> server2 = 192.168.140.2
> server3 = 192.168.140.3
> server4 = 192.168.140.4
> rdp_port1 = 10001
> rdp_port2 = 10002
> rdp_port3 = 10003
> rdp_port4 = 10004
>
> pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port1 \
> rdr-to $server1 port 3389
> pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port2 \
> rdr-to $server2 port 3389
> pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port3 \
> rdr-to $server3 port 3389
> pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port4 \
> rdr-to $server4 port 3389
>
> The port number is always "server number + 10000"
>
> The manual says port ranges are supported with:
>
> pass in on tl0 proto tcp from any to any port 10001:10004 \
> rdr-to 192.168.140.1 port 3389
>
> but is there a way to use similar ascending ordering for "servers"
> somehow like this:
>
> pass in on tl0 proto tcp from any to any port 10001:10004 \
> rdr-to "192.168.140.1":"192.168.140.4" port 3389
>
> -pekka-
I'm not aware of such functionality.
If it's not too much trouble I'd like to suggest using a script to generate
these rules, e.g.:
#!/bin/sh
start=10;          # first server number (also the last octet)
i=${start};
port=0;            # port base; the script prints port+i
server="192.168.0.";
nsrv=2;            # how many servers to generate rules for
while [ $i != $((nsrv+start)) ];
do
echo "port $((port+i)) rdr-to ${server}${i}";
i=$((i+1));
done
generates:
port 10 rdr-to 192.168.0.10
port 11 rdr-to 192.168.0.11
(I'll leave it to you to fill in the blanks)
If you redirect the output to a file, e.g. /etc/pf/rdp.rules, you can include
that in your main pf.conf.
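As an added example (not part of the original reply), here is the same generator idea filled in for the rules quoted at the top of the thread: server N lives at 192.168.140.N and is reached on external port 10000+N. The prefix, port base and server range are taken from the quoted question; the $ext_if macro is assumed to be defined in the main pf.conf, and the rule count helper and range check are my additions.

```sh
#!/bin/sh
# Added example, not code from the original post.
# Generates one pf "pass in ... rdr-to" rule per RDP host.
# Assumes $ext_if is defined as a macro in the main pf.conf.

# gen_rdp_rules FIRST LAST
# Prints rules for servers FIRST..LAST (last octet of 192.168.140.x),
# each mapped from external port 10000+N to the host's port 3389.
gen_rdp_rules() {
    prefix="192.168.140."   # subnet prefix from the quoted question
    portbase=10000          # external port = portbase + server number
    first=$1
    last=$2

    # Refuse nonsensical ranges instead of silently printing nothing.
    if [ "$first" -gt "$last" ] || [ "$first" -lt 1 ] || [ "$last" -gt 254 ]; then
        echo "gen_rdp_rules: bad server range $first..$last" >&2
        return 1
    fi

    i=$first
    while [ "$i" -le "$last" ]; do
        # Single quotes keep $ext_if literal so pf expands the macro, not the shell.
        printf 'pass in log on $ext_if proto tcp from any to $ext_if port %d \\\n\trdr-to %s%d port 3389\n' \
            "$((portbase + i))" "$prefix" "$i"
        i=$((i + 1))
    done
}

# count_rdp_rules FIRST LAST
# Number of rdr-to rules the generator emits; handy as a sanity check
# before loading the file.
count_rdp_rules() {
    gen_rdp_rules "$1" "$2" | grep -c 'rdr-to'
}

# Stand-alone run: print the four rules from the thread to stdout.
gen_rdp_rules 1 4
```

Redirect the output to a file such as /etc/pf/rdp.rules, add `include "/etc/pf/rdp.rules"` to pf.conf, and run `pfctl -nf /etc/pf.conf` to parse the result without loading it; the log keyword is kept so each redirected connection still shows up in pflog.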