PF How to convert iptables rules to pf rules. About iptables routing proxy

iptables rules like:

Code:
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports xxx

This ignores traffic from the local network and forwards traffic from other devices on the intranet to an outlet.

How is the "RETURN" in these rules handled in pf?
 
That depends on how that RETURN chain has been defined in iptables. I suspect it either drops the packet or maybe responds with RST.

Code:
# Drop is the default, so these are the same
block drop in on $int from any to 0.0.0.0/8
block in on $int from any to 0.0.0.0/8

# Return RST on TCP connections
block return-rst in on $int proto tcp from any to 0.0.0.0/8

See pf.conf(5).

Do NOT return anything for UDP packets. You can send a RST on TCP connections. The default is simply to drop the packet (not return anything).
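
For reference: in iptables, `-j RETURN` ends traversal of the current chain and resumes in the calling chain, so the SHADOWSOCKS chain in the question exempts the listed destinations and redirects the remaining TCP traffic. The added example below (not code from either poster) translates that rule shape into FreeBSD-style pf `no rdr` / `rdr` rules. The table name `bypass`, the `127.0.0.1` proxy address and the helper names are assumptions, `$int` is the macro used in the reply, and `xxx` stays the question's own placeholder.

```python
import ipaddress
import shlex
# Rules from the question, verbatim; "xxx" is the question's own port placeholder.
IPTABLES_RULES = """\
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports xxx
"""
SUPPORTED = {"-t", "-A", "-d", "-p", "-j", "--to-ports"}

def parse_rule(line):
    """Split one 'iptables -t nat -A CHAIN ...' line into {option: value}."""
    tokens = shlex.split(line)[1:]  # drop the leading "iptables"
    opts = dict(zip(tokens[0::2], tokens[1::2]))
    if len(tokens) % 2 or set(opts) - SUPPORTED or opts.get("-t") != "nat":
        raise ValueError(f"unsupported rule: {line!r}")
    return opts

def to_pf(rules_text, chain="SHADOWSOCKS", iface="$int", proxy="127.0.0.1"):
    """Translate RETURN exemptions followed by one REDIRECT into pf rdr rules."""
    bypass, redirect = [], None
    for line in filter(None, map(str.strip, rules_text.splitlines())):
        opts = parse_rule(line)
        if opts.get("-A") != chain:
            continue
        if redirect is not None:
            raise ValueError("rules after the REDIRECT are not supported")
        if opts.get("-j") == "RETURN" and "-d" in opts:
            bypass.append(str(ipaddress.ip_network(opts["-d"])))  # rejects host bits
        elif opts.get("-j") == "REDIRECT" and "-p" in opts and "--to-ports" in opts:
            redirect = opts
        else:
            raise ValueError(f"unsupported rule: {line!r}")
    if redirect is None:
        raise ValueError("no REDIRECT rule found")
    # "no rdr" must precede "rdr": pf uses the first matching translation rule
    return [
        "table <bypass> const { " + ", ".join(bypass) + " }",
        f"no rdr on {iface} inet proto {redirect['-p']} from any to <bypass>",
        f"rdr on {iface} inet proto {redirect['-p']} from any to any -> {proxy} port {redirect['--to-ports']}",
    ]

print("\n".join(to_pf(IPTABLES_RULES)))
```

The generated `rdr` line only rewrites the destination; a filter rule still has to pass the redirected traffic. Newer OpenBSD pf writes redirection as `pass in ... rdr-to` instead of `rdr`.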
 