scrub in all
nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB
rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL -> $IP_JAIL_TOR port $PORT_TOR_JAIL

That looks good. There is no "pass out quick" or "pass out on" statement?

Sure, there is.

pass out on $ext_if proto { tcp udp icmp } all modulate state

Remove 'pass' from 'nat pass' if the packet shall flow through the 'pass out' rule after 'nat'. Otherwise it will pass out without respect to any rule.

[] https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5#end

--
imho, looking forward to 33C3 :)
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
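
The change suggested in the reply above, written out as a pf.conf fragment. This is an added example, not part of the original post: the macro names are the ones quoted in the thread, while their values (interface, addresses, port) and the /etc/pf.conf path are constructed placeholders.

```conf
# Constructed placeholder values; only the macro names come from the thread.
ext_if        = "em0"
NET_JAIL      = "10.0.0.0/24"
IP_PUB        = "192.0.2.1"
IP_JAIL_TOR   = "10.0.0.2"
PORT_TOR_JAIL = "9001"

scrub in all

# Before: "nat pass" translates the packet and passes it immediately,
# so the "pass out" filter rule further down is never evaluated for
# traffic coming from the jail network.
# nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB

# After: plain "nat" only rewrites the source address. The translated
# packet must then match a filter rule before it may leave $ext_if.
nat on $ext_if from $NET_JAIL to any -> $IP_PUB

# Inbound redirect, unchanged from the thread.
rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL -> $IP_JAIL_TOR port $PORT_TOR_JAIL

# Jail traffic now leaves through this rule and gets "modulate state".
pass out on $ext_if proto { tcp udp icmp } all modulate state

# Check before loading:  pfctl -nf /etc/pf.conf   (parse only)
# Inspect after loading: pfctl -s nat ; pfctl -s rules
```

Filter rules see the packet after translation, so rules meant to match jail traffic on $ext_if have to match $IP_PUB as the source, not $NET_JAIL.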