Solved OpenVPN anchor

Hi,

I just installed security/openvpn and I have the following up.sh and down.sh for the OpenVPN server I run on my firewall
/usr/local/etc/openvpn/up.sh
Code:
#!/bin/sh
# OpenVPN "up" script: runs with the environment OpenVPN exports to scripts
# (dev, local_port_1) plus OPENVPN_wan, which is set by the OpenVPN configuration.

ANCHOR="openvpn"

# Enable IPv6 on the tunnel interface
/sbin/ifconfig ${dev} inet6 -ifdisabled

# Flush whatever the anchor currently holds, then load the new rules from stdin
/sbin/pfctl -a ${ANCHOR} -F rules
/sbin/pfctl -a ${ANCHOR} -F nat
/sbin/pfctl -a ${ANCHOR} -f - <<EOT
nat on ${OPENVPN_wan} inet from ${dev}:network to any -> (${OPENVPN_wan}:0) port 1024:65535
pass quick on ${dev} all
pass in quick on ${OPENVPN_wan} inet proto udp from any to (${OPENVPN_wan}) port ${local_port_1}
EOT
/usr/local/etc/openvpn/down.sh
Code:
#!/bin/sh
# OpenVPN "down" script: remove the anchor's rules when the tunnel goes away

/sbin/pfctl -a openvpn -F rules
/sbin/pfctl -a openvpn -F nat
In /etc/pf.conf I add rdr-anchor "openvpn", and the question that I have now is where does anchor "openvpn" go in the file?
Do I put this line just after the block log all rule or before?
 
Think about the rules you are injecting. Suppose you added those rules directly to pf.conf, where would you put them? That's the spot where the anchor should go.
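
As an added illustration (not part of the thread), a pf.conf skeleton showing the placement the reply describes; the interface name, LAN network and the surrounding rules are placeholders. Note that the anchor loaded by up.sh also contains a nat rule, so on FreeBSD pf a nat-anchor line is needed in the translation section alongside rdr-anchor, otherwise that nat rule is never evaluated.

```pf
# /etc/pf.conf skeleton (placeholder interface and network)
ext_if = "em0"
lan_net = "192.168.1.0/24"

set skip on lo0

# Translation section: nat/rdr rules and the anchors that carry them
# must come before the first filter rule.
nat-anchor "openvpn"
rdr-anchor "openvpn"
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Filter section: default deny first.
block log all

# The anchor holds "pass quick" exceptions to the default block, so it goes
# exactly where those pass rules would sit if written inline: after the block.
anchor "openvpn"

pass out quick on $ext_if inet from ($ext_if) to any keep state
```

Check the result before reloading with `pfctl -nf /etc/pf.conf`, and after the tunnel is up inspect the anchor with `pfctl -a openvpn -sr` and `pfctl -a openvpn -sn`.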