Posted on 28-09-2010
Starting with OpenBSD 4.7, pf uses a new, more generalized packet filtering syntax, so an existing pf.conf has to be translated before it will work properly. The rules typically affected are those for NAT and port forwarding.

Example of the new syntax in /etc/pf.conf:

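# Setup NAT for local ethernet network
ext_if = "vr0" # WAN net device
int_net = "192.168.1.0/24" # LAN network (placeholder, set to your own)
web_srv = "192.168.1.10" # internal web server (placeholder, set to your own)
match out on $ext_if from $int_net nat-to ($ext_if)

# Port forwarding, HTTP traffic
pass in on $ext_if proto tcp from any to ($ext_if) port 80 rdr-to $web_srv port 80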

Load new configuration:

pfctl -f /etc/pf.conf
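
Before loading, it helps to confirm that no pre-4.7 translation rules are left in the file. The script below is an added example, not part of the original post: find_old_pf_rules is a hypothetical helper that lists nat/rdr/binat rules and their *-anchor forms, and both sample rulesets are constructed with placeholder addresses.

```shell
#!/bin/sh
# Added example: flag pf.conf lines that still use the pre-4.7
# translation syntax (nat/rdr/binat rules and nat-/rdr-/binat-anchor).

# find_old_pf_rules [FILE] -> prints "LINENO: rule" for each old-style rule.
# Reads stdin when no file is given. Exit status 1 if any rule was found.
find_old_pf_rules() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)        # ignore comments
            sub(/^[ \t]+/, "", line)    # ignore leading blanks
        }
        line ~ /^(no[ \t]+)?(nat|rdr|binat)[ \t]/ ||
        line ~ /^(nat|rdr|binat)-anchor[ \t]/ {
            printf "%d: %s\n", NR, line
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$@"
}

# Constructed sample: pre-4.7 syntax, placeholder addresses.
old_sample() {
    cat <<'EOF'
ext_if = "vr0"
nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> 192.168.1.10 port 80
nat-anchor "ftp-proxy/*"
pass out on $ext_if
EOF
}

# Constructed sample: the same rules translated to the 4.7 syntax.
new_sample() {
    cat <<'EOF'
ext_if = "vr0"
match out on $ext_if from 192.168.1.0/24 nat-to ($ext_if)
pass in on $ext_if proto tcp from any to ($ext_if) port 80 rdr-to 192.168.1.10 port 80
anchor "ftp-proxy/*"
pass out on $ext_if
EOF
}

old_sample | find_old_pf_rules || echo "old-style rules found, translate before loading"
new_sample | find_old_pf_rules && echo "no old-style translation rules found"
```

Once the file is clean, pfctl -nf /etc/pf.conf parses the ruleset without loading it, so syntax errors show up before the running filter is replaced.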
