flackend · August 18, 2025 08:39 · Dec 17, 2021 · Sep 15, 2015
diff --git a/PF - OSX (OpenBSD) Firewall.md b/PF - OSX (OpenBSD) Firewall.md
@@ -1,6 +1,5 @@
 ## Resources
 
-- [Port Forwarding in Mac OS Yosemite (http://abetobing.com/)](http://abetobing.com/blog/port-forwarding-mac-os-yosemite-81.html)
 - [Pfctl man page (apple.com)](https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/pfctl.8.html)
 - [Pf.conf man page (apple.com)](https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man5/pf.conf.5.html)
 - [How to secure your Mac when using it on wireless networks (sarfata.org)](http://www.sarfata.org/posts/secure-your-mac.md/)

diff --git a/PF - OSX (OpenBSD) Firewall.md b/PF - OSX (OpenBSD) Firewall.md
@@ -0,0 +1,116 @@
+## Resources
+
+- [Port Forwarding in Mac OS Yosemite (http://abetobing.com/)](http://abetobing.com/blog/port-forwarding-mac-os-yosemite-81.html)
+- [Pfctl man page (apple.com)](https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/pfctl.8.html)
+- [Pf.conf man page (apple.com)](https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man5/pf.conf.5.html)
+- [How to secure your Mac when using it on wireless networks (sarfata.org)](http://www.sarfata.org/posts/secure-your-mac.md/)
+- [Pf on OS X 10.7 (zomo.co.uk)](http://www.zomo.co.uk/2011/09/pf-on-os-x-10-7/)
+- [OpenBSD packet filter (PF): Real life example (daemon-notes.com)](http://daemon-notes.com/articles/network/pf)
+- [Firewalling with OpenBSD's PF packet filter (rlworkman.net)](http://rlworkman.net/howtos/OpenBSD_pf_guide.html)
+- [PF (OpenBSD) (readthedocs.org)](http://balu-wiki.readthedocs.org/en/latest/security/pf.html)
+- [PF rules (kernel-panic.it)](http://www.kernel-panic.it/openbsd/carp/carp6.html)
+- [Port Forwarding in Mac OS Yosemite (abetobing.com)](http://abetobing.com/blog/port-forwarding-mac-os-yosemite-81.html)
+- [Mac pfctl Port Forwarding (salferrarello.com)](http://salferrarello.com/mac-pfctl-port-forwarding/)
+- [Port forwarding/redirecting (internally) on OS X Mavericks (chrisvanpatten.com)](http://www.chrisvanpatten.com/port-forwarding-mavericks)
+- [Transparent system-wide proxy (mblondel.org)](http://www.mblondel.org/journal/2011/06/27/transparent-system-wide-proxy/)
+- [OSX as Transparent Wifi MITM Proxy (pocoo.org)](http://lucumr.pocoo.org/2013/1/6/osx-wifi-proxy/)
+- [OSX (mitmproxy.org)](https://mitmproxy.org/doc/transparent/osx.html)
+- [Open a port in OSX Mavericks’ Firewall (rolfje.wordpress.com)](https://rolfje.wordpress.com/2014/05/10/open-a-port-in-osx-mavericks-firewall/)
+- [Mac OS X pf firewall: Avoiding known bad guys (ikawnoclast.com)](http://ikawnoclast.com/security/mac-os-x-pf-firewall-avoiding-known-bad-guys/)
+- [A Cheat Sheet For Using pf in OS X Lion and Up (krypted.com)](http://krypted.com/mac-security/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/)
+- [Using pf on OS X Mountain Lion (scottlowe.org)](http://blog.scottlowe.org/2013/05/15/using-pf-on-os-x-mountain-lion/)
+- [PF on Mac OS X (pleiades.ucsc.edu)](https://pleiades.ucsc.edu/hyades/PF_on_Mac_OS_X)
+- [OS X 10.8: redirecting locally initiated ssh connections to localhost:22 (serverfault.com)](https://serverfault.com/questions/421261/os-x-10-8-redirecting-locally-initiated-ssh-connections-to-localhost22#)
+- [iptables equivalent for mac os x (serverfault.com)](http://serverfault.com/questions/102416/iptables-equivalent-for-mac-os-x)
+- [How can I make sure all my Mac's TCP traffic goes through a SOCKS5 proxy? (superuser.com)](http://superuser.com/questions/802967/how-can-i-make-sure-all-my-macs-tcp-traffic-goes-through-a-socks5-proxy)
+
+## Using pfctl
+
+These are the flags used in the exampe commands below:
+
+- `v` Verbose output
+- `f` Load rules from a file
+- `n` Parse rules, don't apply
+- `e` Enable the packet filter
+- `d` Disable the packet filter
+
+Dry run:
+
+```bash
+pfctl -nvf /path/to/some.conf
+```
+
+**Note:** The `f` flag has to be last in the list in the above example. It's taking the path the follows as its argument.
+
+If there were no syntax errors, apply the rules:
+
+```bash
+pfctl -evf /path/to/some.conf
+```
+
+This, I think, just disables the firewall:
+
+```bash
+sudo pfctl -d
+```
+
+Flush all filter parameters and reload the default rules, **/etc/pf.conf**:
+
+```bash
+pfctl -F all -f /etc/pf.conf
+```
+
+## PF rules
+
+### Ordering
+
+You need to order your declaration in this order:
+
+1. **Options** -- tune the behaviour of the packet filtering engine
+2. **Normalization** -- protects internal machines against inconsistencies in Internet protocols and implementations
+3. **Queueing** -- provides rule-based bandwidth control
+4. **Translation** -- specify how addresses are to be mapped or redirected to other addresses
+5. **Filtering** -- provides rule-based blocking or passing of packets
+
+I believe it's possible to disable the enforcement of ordering, but if you do that your rules probably won't work the way you want.
+
+### Macros
+
+Macros can be defined that will later be expanded in context.  Macro names must start with a letter, and may contain letters, digits and underscores.  Macro names may not be reserved words (for example pass, in, out).  Macros are not expanded inside quotes.
+
+```bash
+# Define an external interface to use in the following rules
+ext_if = "en0"
+pass in on $ext_if proto tcp from any to any port 25
+```
+
+### Anchors
+
+Anchors are containers that can hold rules, address tables, and other anchors.
+
+- `nat-anchor` - nat rules
+- `rdr-anchor` - rdr rules
+- `binat-anchor` - binat rules
+- `anchor` - filter rules
+
+```bash
+rdr-anchor "example"
+load anchor "example" from "path/to/example.rule"
+```
+
+
+### Tables
+
+When you define a table you can specify:
+
+- `persist` - keep the table after there are no rules using
+- `const` - table cannot be added to or have items removed
+
+```bash
+table <block> persist
+```
+
+## Redsocks
+
+- [Example Redsocks config (github.com)](https://github.com/darkk/redsocks/blob/master/redsocks.conf.example)
+- [redsocks - transparent socks redirector (darkk.net.ru)](http://darkk.net.ru/redsocks/)