Created
January 30, 2018 14:30
simple shell script to refresh pfctl for MacOS
```
#
# Default PF configuration file.
#
# This file contains the main ruleset, which gets automatically loaded
# at startup. PF will not be automatically enabled, however. Instead,
# each component which utilizes PF is responsible for enabling and disabling
# PF via -E and -X as documented in pfctl(8). That will ensure that PF
# is disabled only when the last enable reference is released.
#
# Care must be taken to ensure that the main ruleset does not get flushed,
# as the nested anchors rely on the anchor point defined here. In addition
# to the anchors loaded by this file, some system services would dynamically
# insert anchors into the main ruleset. These anchors will be added only when
# the system service is used and would be removed on termination of the service.
#
# See pf.conf(5) for syntax.
#

#
# com.apple anchor point
#
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
# HACK for nginx port binding
rdr on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 9090
rdr on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 9091
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
```

```sh
#!/bin/sh
# Reload the main ruleset from /etc/pf.conf
sudo pfctl -f /etc/pf.conf
# Enable PF
sudo pfctl -e
```

No need for a hack. Put the two port redirection rules in `/etc/pf.anchors/nginx`. To load them run `sudo pfctl -a 'com.apple/nginx' -f /etc/pf.anchors/nginx`.
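
The anchor approach from the comment above, written out as a script. This is an added example, not part of the gist or of the comment: it writes the two redirect rules to their own anchor file, parse-checks the file with `pfctl -n` before loading it, and lists what ended up in the anchor, leaving `/etc/pf.conf` untouched. The function names, the `ANCHOR_FILE` override and the `apply` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist): keep the nginx redirects in a separate
# anchor instead of editing the system's /etc/pf.conf.

ANCHOR_NAME='com.apple/nginx'                        # anchor name from the comment
ANCHOR_FILE="${ANCHOR_FILE:-/etc/pf.anchors/nginx}"  # override is an assumption

# Emit the two redirect rules from the gist's pf.conf (80 -> 9090, 443 -> 9091).
anchor_rules() {
    for pair in 80:9090 443:9091; do
        printf 'rdr on lo0 inet proto tcp from any to 127.0.0.1 port %s -> 127.0.0.1 port %s\n' \
            "${pair%%:*}" "${pair##*:}"
    done
}

# Write the rules to a file (default: $ANCHOR_FILE), not writable by group/other.
write_anchor() {
    target="${1:-$ANCHOR_FILE}"
    ( umask 022 && anchor_rules > "$target" )
}

# Parse-check the file, load it into the anchor, then show the loaded rules.
# Needs root and macOS pfctl; stops at the first failing step.
apply_anchor() {
    write_anchor "$ANCHOR_FILE" || return 1
    pfctl -n -a "$ANCHOR_NAME" -f "$ANCHOR_FILE" || return 1   # -n: parse only, load nothing
    pfctl -a "$ANCHOR_NAME" -f "$ANCHOR_FILE" || return 1
    pfctl -a "$ANCHOR_NAME" -s nat                             # translation rules in the anchor
}

# Only touch pf when explicitly asked to, e.g. `sudo sh nginx-anchor.sh apply`.
if [ "${1:-}" = "apply" ]; then
    apply_anchor
fi
```

The script does not enable PF; as the comments in the `pf.conf` above note, that is done with `pfctl -E`.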