pfctl divert-socket in mac os?

2

I'm messing with divert sockets in OSX, and in order to capture any socket, I first need to set up a firewall redirection (diversion, if you will):

ipfw add divert 3282 tcp from any to any

Something like that; however, "ipfw" is deprecated, and instead Mac uses PF(5), so the command should be:

pass out on en0 inet proto tcp to port 80 divert-packet port 9090

This, however, when loaded with pfctl -f /etc/pf.conf, returns a syntax error.

Here are docs stating that the divert-packet option really exists: https://man.openbsd.org/pf.conf.5#divert-packet_port

No idea why I get the syntax error. Please help? How can I enable this divert-packet rule?

toti

Posted 2019-12-27T01:11:53.257

Reputation: 21

Answers

4

Here are docs stating that the divert-packet option really exists:

The docs you're citing are written for OpenBSD.

While Pf was indeed originally written for OpenBSD and Apple had it ported for MacOS, it does not mean they're updating it.

poige

Posted 2019-12-27T01:11:53.257

Reputation: 312
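
One way to check the point made in the answer on a given machine, as an added example that is not part of the original posts: ask the local pfctl to parse the rule with -n (parse only, nothing is loaded) and report whether it is accepted. The function name pf_rule_supported and the PFCTL override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: test whether the local pf parser accepts a rule.
# pfctl -n parses the rules without loading them, so the running
# ruleset is never touched.
# PFCTL (assumed name) lets you point the check at a different binary.

# pf_rule_supported RULE
#   returns 0 if the local pfctl parsed the rule
#   returns 1 if pfctl exited non-zero (run it by hand to see the message)
#   returns 2 if pfctl could not be found or no temp file could be made
pf_rule_supported() {
    _pf_rule=$1
    _pf_bin=${PFCTL:-pfctl}
    command -v "$_pf_bin" >/dev/null 2>&1 || return 2

    _pf_tmp=$(mktemp "${TMPDIR:-/tmp}/pfcheck.XXXXXX") || return 2
    printf '%s\n' "$_pf_rule" > "$_pf_tmp"

    # -n: parse only, do not load; -f: read the rules from this file.
    if "$_pf_bin" -n -f "$_pf_tmp" >/dev/null 2>&1; then
        _pf_rc=0
    else
        _pf_rc=1
    fi
    rm -f "$_pf_tmp"
    return "$_pf_rc"
}

# The rule from the question, next to the same rule without the divert option.
for rule in \
    'pass out on en0 inet proto tcp to port 80 divert-packet port 9090' \
    'pass out on en0 inet proto tcp to port 80'
do
    rc=0
    pf_rule_supported "$rule" || rc=$?
    case $rc in
        0) echo "accepted: $rule" ;;
        1) echo "rejected: $rule" ;;
        2) echo "pfctl not available, skipped: $rule" ;;
    esac
done
```

If only the first rule is rejected, the local pf grammar does not know the option, whatever the OpenBSD manual page says.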