Apple Event: May 7th at 7 am PT
This worked fine for me until I finally caved and left Software Update install 10.7.4.
The pf.anchors/com.apple file changed during the update, so I made the corresponding edits again. (There's a new scrub-anchor rule as well.)
However, NAT's not working.
pf logging looks like it might offer a clue, but I haven't wrapped my head around pf enough to get it enabled. Any recipe for getting that going?
Any other debug tips?
Mac OS X (10.7.4)
Turns out that loading seems broken. In the KB article, if you take the rules you're adding to exampleNATRules and place them up in /etc/pf.conf in the proper spot (after the nat-anchor and rdr-anchor rules), then it'll work again.
Turns out that loading seems broken. In the KB article, if you take the rules you're adding to exampleNATRules and place them up in /etc/pf.conf in the proper spot (after the nat-anchor and rdr-anchor rules), then it'll work again.
I found that this was not necessary on my machine. In fact, putting
nat on en3 from 192.168.2.1/24 to any -> (en3)
pass from {lo0, 192.168.2.1/24} to any keep state
at the end of /etc/pf.conf resulted in it not working and the following error showing up in Console.app:
7/22/12 1:28:00.036 PM com.apple.pfctl: /etc/pf.conf:25: Rules must be in order: options, normalization, queueing, translation, filtering
They have to be placed in the proper spot in pf.conf. Put them right after the existing rdr-anchor rule and before the anchor and load-anchor rules.
You can use "sudo pfctl -v -n -f /etc/pf.conf" to verify the syntax.
Ahhh. I put them at the end after the existing load anchor rule.
Regardless, they seem to be loading just fine as per the original KB article for me.
Broke in 10.7.4?
