@allenfantasy
Created January 30, 2018 14:30
simple shell script to refresh pfctl for MacOS
```
#
# Default PF configuration file.
#
# This file contains the main ruleset, which gets automatically loaded
# at startup. PF will not be automatically enabled, however. Instead,
# each component which utilizes PF is responsible for enabling and disabling
# PF via -E and -X as documented in pfctl(8). That will ensure that PF
# is disabled only when the last enable reference is released.
#
# Care must be taken to ensure that the main ruleset does not get flushed,
# as the nested anchors rely on the anchor point defined here. In addition,
# to the anchors loaded by this file, some system services would dynamically
# insert anchors into the main ruleset. These anchors will be added only when
# the system service is used and would removed on termination of the service.
#
# See pf.conf(5) for syntax.
#
#
# com.apple anchor point
#
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
# HACK for nginx port binding
rdr on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 9090
rdr on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 9091
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
```
```sh
#!/bin/sh
# Reload the main ruleset from /etc/pf.conf, then enable PF.
sudo pfctl -f /etc/pf.conf
sudo pfctl -e
```

xoryves commented Nov 1, 2021

No need for a hack. Put the two port redirection rules in `/etc/pf.anchors/nginx`.
To load them run `sudo pfctl -a 'com.apple/nginx' -f /etc/pf.anchors/nginx`.
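
The anchor approach from the comment above, as an added shell example that is not part of the gist or of xoryves's comment: it renders the two redirects, parse-checks them with `pfctl -n` before loading them into `com.apple/nginx`, and never reloads `/etc/pf.conf`. The function names and the `apply` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the gist). ANCHOR and ANCHOR_FILE follow the comment
# above; the function names and the "apply" argument are assumptions.
ANCHOR='com.apple/nginx'
ANCHOR_FILE='/etc/pf.anchors/nginx'

# Print one loopback rdr rule per "from:to" pair, rejecting bad port numbers.
render_rules() {
    for pair in "$@"; do
        case $pair in *:*) ;; *) echo "expected from:to, got '$pair'" >&2; return 1 ;; esac
        from=${pair%%:*}
        to=${pair##*:}
        for p in "$from" "$to"; do
            case $p in
                ''|*[!0-9]*) echo "bad port in '$pair'" >&2; return 1 ;;
            esac
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                echo "port out of range in '$pair'" >&2; return 1
            fi
        done
        printf 'rdr on lo0 inet proto tcp from any to 127.0.0.1 port %s -> 127.0.0.1 port %s\n' "$from" "$to"
    done
}

# Write the rules, parse-check them, load them into the anchor, then show them.
apply_rules() {
    tmp=$(mktemp) || return 1
    render_rules "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    # -n parses without loading, so a typo never reaches the live ruleset.
    sudo pfctl -n -a "$ANCHOR" -f "$tmp" || { rm -f "$tmp"; return 1; }
    sudo install -m 0644 "$tmp" "$ANCHOR_FILE"
    rm -f "$tmp"
    sudo pfctl -a "$ANCHOR" -f "$ANCHOR_FILE" || return 1
    sudo pfctl -E                      # reference-counted enable, see the pf.conf header
    sudo pfctl -a "$ANCHOR" -s nat     # list the translation rules now in the anchor
}

# Nothing touches pf unless the script is run as: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules 80:9090 443:9091
fi
```

Rules loaded this way live only in the running ruleset, so the load step has to be repeated after a reboot or after anything that flushes the anchor.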
