Add dynamic rdr
27
docs/chapters/subcommands/rdr.rst
Normal file
@@ -0,0 +1,27 @@
===
rdr
===
`bastille rdr` allows yiou to configure dynamic rdr rules for your containers
without modifying pf.conf (assuming you are using the `bastille0` interface
for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf
as described in the Networking section).
Note: you need to be careful if host services are configured to run
on all interfaces as by default thsi will
.. code-block:: shell
# bastille rdr --help
Usage: bastille rdr TARGET [--clear] | [--list] | [--tcp <host_port> <jail_port>] | [--udp <host_port> <jail_port>]
# bastille rdr dev1 --tcp 2001 22
# bastille rdr dev1 --list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
# bastille rdr dev1 --udp 2053 53
# bastille rdr dev1 --list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
# bastille rdr dev1 --clear
nat cleared
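Review bot: The note that starts "Note: you need to be careful if host services are configured to run on all interfaces" stops at "as by default thsi will", so the only security caveat in this new file never states what actually happens to those host services. Please finish the sentence with the concrete behaviour and what the reader should do about it, and fix the typos "yiou" in the first paragraph and "thsi" in the note. The sample `--list` output shows rules of the form `rdr on em0 ... from any to any port = 2001 -> 10.17.89.1 port 22`, so it is also worth saying in the text that the redirect matches any source reaching `em0`; the `--tcp 2001 22` example publishes the jail's SSH port to everything that can reach that interface. Minor: the `--clear` example prints "nat cleared" while the page only talks about rdr rules, so a sentence on what `--clear` removes would avoid confusion.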