solene
/
gearbsd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

openbsd: pf: enable IP forwarding when NAT is on.

This commit is contained in:
Solene Rapenne 2021-06-01 20:50:50 +02:00
parent 0e3f6e6ff0
commit bd3403dc2c
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
openbsd/pf/Rexfile
View File

@ -1,6 +1,8 @@
use Rex -feature => ['1.4'];
use Rex::Commands::File;
use Rex::Commands::Fs;
use Rex::Commands::Run;
use Rex::Commands::Sysctl;
use Rex::Template::NG;
user "root";
@ -16,6 +18,7 @@ my %pfvars = (
"allow_icmp" => 1,
# enable nat? 0= disabled, 1=enabled
# enable ip forwarding but not persistent yet
"nat" => 0,
# interface that is behind the NAT
@ -38,6 +41,12 @@ task "configure", sub {
run "Installing files and loading config",
command => "mv /etc/pf.conf /etc/pf.conf.old && mv /etc/pf.conf.new /etc/pf.conf",
auto_die => TRUE;
if($pfvars{nat}) {
sysctl "net.inet.ip.forwarding" => 1;
} else {
sysctl "net.inet.ip.forwarding" => 0;
}
};
__DATA__