I'm wanting to modify some firewall/NAT rules on a device (Apple Airport) running NetBSD 4.0. I'm not that familiar with BSD and pf, so want to check the right approach. I can change the pf.conf file (using sed) to the required configuration, then load using pfctl -f /etc/pf.conf, but am wondering if this clears out the old rules first?

Alternately, what would be the best approach to doing this directly via the command line (i.e. removing the old rdr pass and nat rules, and adding new ones?)

(for context, the aim here is to be able to change NAT rules on an Apple Airport Extreme without having to restart the device, which brings the whole network down for a minute or so; I've successfully gained ssh access)

  • man pf.conf in regard to the "anchors" and even more.
    – poige
    Commented Sep 12, 2020 at 4:55

1 Answer

Looking at /etc/rc.d/pf on NetBSD 4.0 (or even in 9.0), the pf_reload function simply runs pfctl -q -f /etc/pf.conf, so it would seem that flushing old rules is unnecessary.

To manually flush all rules and state you could use pfctl -F all.

In case the Airport does not have manual pages installed, you can read the manual page for pfctl(8) online.

I looked for a command to dump the currently present rules (similar to ipfstat(8)) but could not find anything in the manuals. It would have been helpful for inspecting the state of the firewall.
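As an added example (not code from the question or the answer), the sed-then-reload workflow the question describes, written as two small POSIX sh functions: one rewrites a single rdr rule in a pf.conf, the other syntax-checks the result with pfctl -n before loading it with pfctl -f. The sample pf.conf, its interface names and the 10.0.1.x addresses are constructed for the example and are not the Airport's real configuration.

```shell
#!/bin/sh
# Constructed sample pf.conf (placeholder interfaces and hosts, not the
# Airport's actual ruleset). One nat rule, one rdr rule, one filter rule.
SAMPLE_PF_CONF='ext_if="wm0"
int_if="wm1"
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr pass on $ext_if proto tcp from any to ($ext_if) port 8080 -> 10.0.1.5 port 80
pass in on $int_if all
'

# rewrite_rdr EXT_PORT HOST INT_PORT
# Reads pf.conf text on stdin and writes it to stdout with the "rdr pass"
# rule for external port EXT_PORT retargeted to HOST port INT_PORT.
# Only a line that already forwards EXT_PORT is touched; everything else
# (nat rule, filter rules, macros) passes through unchanged.
rewrite_rdr() {
    ext_port=$1; host=$2; int_port=$3
    sed "s|^\(rdr pass .* port \)${ext_port}\( -> \)[0-9.]* port [0-9]*\$|\1${ext_port}\2${host} port ${int_port}|"
}

# reload_pf FILE
# Parse FILE without loading it (pfctl -n); abort on a syntax error so a
# typo in the sed expression cannot leave the device with no ruleset.
# pfctl -f replaces the whole ruleset in one step, so no separate flush is
# needed, and the state table is kept, so established connections survive
# (pfctl -F all would drop them too). -s nat prints the nat/rdr rules now
# in effect, which answers the "what is currently loaded" question.
reload_pf() {
    conf=$1
    pfctl -n -f "$conf" || { echo "syntax error in $conf, not loading" >&2; return 1; }
    pfctl -q -f "$conf" || return 1
    pfctl -s nat
}

# Stand-alone demonstration on the constructed sample: retarget port 8080
# to 10.0.1.9:8000 and print the resulting configuration. pfctl is not
# invoked here; on the device the sequence would be
#   rewrite_rdr 8080 10.0.1.9 8000 < /etc/pf.conf > /etc/pf.conf.new \
#     && reload_pf /etc/pf.conf.new && mv /etc/pf.conf.new /etc/pf.conf
printf '%s' "$SAMPLE_PF_CONF" | rewrite_rdr 8080 10.0.1.9 8000
```

If only the NAT rules change often, the same reload can be scoped with anchors (nat-anchor/rdr-anchor in pf.conf and pfctl -a NAME -f FILE), which is the direction the comment on the question points to.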
