-
- #
- # Default PF configuration file.
- #
- # This file contains the main ruleset, which gets automatically loaded
- # at startup. PF will not be automatically enabled, however. Instead,
- # each component which utilizes PF is responsible for enabling and disabling
- # PF via -E and -X as documented in pfctl(8). That will ensure that PF
- # is disabled only when the last enable reference is released.
- #
- # Care must be taken to ensure that the main ruleset does not get flushed,
- # as the nested anchors rely on the anchor point defined here. In addition,
- # to the anchors loaded by this file, some system services would dynamically
- # insert anchors into the main ruleset. These anchors will be added only when
- # the system service is used and would removed on termination of the service.
- #
- # See pf.conf(5) for syntax.
- #
-
- #
- # com.apple anchor point
- #
- #scrub-anchor "com.apple/*"
- #nat-anchor "com.apple/*"
- #rdr-anchor "com.apple/*"
- #dummynet-anchor "com.apple/*"
- #anchor "com.apple/*"
- #load anchor "com.apple" from "/etc/pf.anchors/com.apple"
- rdr pass on lo0 proto tcp from en3 to any port 1935 -> 127.0.0.1
- pass out route-to lo0 inet proto tcp from en3 to any port 1935 user != 2NDUSER
-