olegchir

Port Forwarding in OSX El Capitan

https://gist.github.com/olegchir/7313c6b39c1ad0f6455d

Copy below the cut

Since Mavericks stopped using the deprecated ipfw (as of Mountain Lion), we'll be using pf to allow port forwarding.

1. Anchor file

Create an anchor file under /etc/pf.anchors/ with your redirection rule like:


rdr pass on lo0 inet proto tcp from any to 127.0.0.2 port 80 -> 127.0.0.1 port 40070

2. Test the anchor...

Parse and test your anchor file to make sure there are no errors:


sudo pfctl -vnf /etc/pf.anchors/<anchor file>

3. Reference the anchor in pf.conf

/etc/pf.conf is the main configuration file that pf loads at boot. We'll need to load the anchor file we previously created:


rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/<anchor file>"

Make sure to add these entries to the appropriate spot.

4. Loading and enabling pf

pf is not enabled by default in Mavericks. There are a few ways to enable it:


  • Manually load and enable from a pf.conf file via sudo pfctl -ef <pf.conf file>


  • Auto enable by creating a launch daemon via this doc to run pfctl -ef on boot.


  • Auto enable by adding -e (enable) to the pfctl ProgramArguments in /System/Library/LaunchDaemons/com.apple.pfctl.plist like this:



<key>ProgramArguments</key>
<array>
    <string>pfctl</string>
    <string>-e</string>
    <string>-f</string>
    <string>/etc/pf.conf</string>
</array>


5. Forwarding across interfaces

By default, pf does not forward between interfaces. Here's a snippet from man for pfctl with help from 2sidedfigure:


The packet filter does not itself forward packets between interfaces.  Forwarding can be enabled by setting the sysctl(8) variables net.inet.ip.forwarding and/or net.inet6.ip6.forwarding to 1.  Set them permanently in sysctl.conf(5).

We'll need to enable this by adding to /etc/sysctl.conf:


net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

Caution

It is possible that pf.conf will be overridden by updates to the OS. To prevent this, it might be best to create your own pf config file and load it in addition to the main pf.conf.
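Steps 1 to 3 and the caution above, put together as an added shell example (not part of the gist): it validates a loopback-only redirect, writes the anchor and a separate config file into a staging directory instead of editing /etc/pf.conf, and syntax-checks the result with pfctl -vnf where pfctl is available. The function names and the staging directory argument are assumptions; the anchor name "forwarding" follows step 3.

```shell
#!/bin/sh
# Added example, not from the gist. Function names and the staging directory
# argument are assumptions; the anchor name "forwarding" follows step 3.
# Example call: stage_forwarding /usr/local/etc/pf 127.0.0.2 80 127.0.0.1 40070
ANCHOR=forwarding

# valid_port N: succeed only for a decimal integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_loopback ADDR: succeed only for a dotted-quad address in 127.0.0.0/8
valid_loopback() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] && [ "$1" = 127 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rdr_rule FROM_IP FROM_PORT TO_IP TO_PORT: print one redirect rule.
# "rdr pass" skips the filter rules, so the rule is kept on lo0 and both
# addresses must be loopback.
rdr_rule() {
    valid_loopback "$1" && valid_loopback "$3" || { echo "address not in 127.0.0.0/8" >&2; return 1; }
    valid_port "$2" && valid_port "$4" || { echo "port out of range" >&2; return 1; }
    printf 'rdr pass on lo0 inet proto tcp from any to %s port %s -> %s port %s\n' "$1" "$2" "$3" "$4"
}

# stage_forwarding DIR FROM_IP FROM_PORT TO_IP TO_PORT
# Writes DIR/pf.anchors/forwarding and DIR/pf-forwarding.conf without touching /etc/pf.conf.
stage_forwarding() {
    dir=$1; shift
    rule=$(rdr_rule "$@") || return 1
    mkdir -p "$dir/pf.anchors" || return 1
    printf '%s\n' "$rule" > "$dir/pf.anchors/$ANCHOR"
    {
        printf 'rdr-anchor "%s"\n' "$ANCHOR"
        printf 'load anchor "%s" from "%s"\n' "$ANCHOR" "$dir/pf.anchors/$ANCHOR"
    } > "$dir/pf-forwarding.conf"
    # Step 2: parse only (-n); nothing is loaded. Skipped where pfctl is absent.
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -vnf "$dir/pf-forwarding.conf"
    fi
}
```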
