From 925eaa934323a7d9210b7b7683201c875e1729b6 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 8 Dec 2013 21:38:53 +1300 Subject: Add a note to the docs about pf redirection of traffic from the host itself. --- doc-src/transparent/osx.html | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc-src/transparent/osx.html b/doc-src/transparent/osx.html index 77eea63b..205e4c76 100644 --- a/doc-src/transparent/osx.html +++ b/doc-src/transparent/osx.html @@ -67,3 +67,15 @@ rdr on en2 inet proto tcp to any port 443 -> 127.0.0.1 port 8080 + +Note that the **rdr** rules in the pf.conf given above only apply to inbound +traffic. This means that they will NOT redirect traffic coming from the box +running pf itself. We can't distinguish between an outbound connection from a +non-mitmproxy app, and an outbound connection from mitmproxy itself - if you +want to intercept your OSX traffic, you should use an external host to run +mitmproxy. None the less, pf is flexible to cater for a range of creative +possibilities, like intercepting traffic emanating from VMs. See the +**pf.conf** man page for more. + + + -- cgit v1.2.3