On 2022/05/13 08:04, Peter N. M. Hansteen wrote:
> On Thu, May 12, 2022 at 09:58:26PM +0200, Christian Kundela wrote:
> > in the anchor it produces two rules:
> > 
> > pass in quick on XXX inet proto udp from any to any port = XXXX label "XXXX"
> > rdr-to X.X.X.X port XXXX
> > nat quick on XXX inet proto udp from X.X.X.X port = XXXX to any label "XXXX"
> > nat-to X.X.X.X port XXXX
> 
> The "nat [quick] on" syntax stopped being valid on OpenBSD with the NAT rewrite
> in OpenBSD 4.7, some 12 years ago. If you replace the "nat quick" with "pass quick"
> at least the syntax will be valid.

Something is mangled here, "nat quick on ..." never existed.

How are you seeing these anchor rules, Christian? Is that a direct
paste from something before redacting addresses/etc? If it's
retyped please check accuracy.

Redacting the interface names and ports isn't really helpful to hiding
anything and makes it hard to understand what is going on. Redacting
addresses is ok but please do something to distinguish addresses and
show which is internal/external.
