6

I kind of expected things to break, but ...

My pf forwarding rules, which worked previously on Yosemite, no longer work on 10.11.

My forwarding rule is as follows:

    rdr pass on lo0 inet proto tcp from any to any port = 80 -> 127.0.0.1 port 8080

I can access the content by going to localhost:8080, but not just localhost, which is the expected (and previous) behaviour.

Did they mention somewhere changes to the pf utility? What do I have to do to make this work?

1 Answer

1

This only applies to OSX 10.11 - El Capitan - Public Beta 1

In the latest 10.11 beta, 127.0.0.1 is blocked. The solution? Use 127.0.0.2. To do this:

First, add 127.0.0.2 to the loopback alias:

    sudo ifconfig lo0 alias 127.0.0.2 up

Modify your pf rule to use the new alias:

    rdr pass proto tcp from any to any port 80 -> 127.0.0.2 port 8080

For @williamcwilliams (in comments above), just drop the anchor and it'll work.

    echo "rdr pass proto tcp from any to any port {80,8080} -> 127.0.0.2 port 8080" | pfctl -Ef -

(Be sure to add this last tick; you're piping in STDIN.)

Cory
  • 111
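
Added example, not part of the answer above: a shell script that runs the answer's two steps with a parse-only check (`pfctl -n`) before loading, and a helper that reports which interface an rdr rule is bound to. The question's rule has `on lo0`; the answer's rule has no `on` clause, so it matches on every interface. The function names are hypothetical, the rule strings are the ones quoted on this page, and the lo0-scoped variant of the answer's rule is an assumption that has not been tested on the 10.11 beta.

```shell
#!/bin/sh
# Added example: function names are hypothetical; the rules are quoted from the page.

ALIAS_IP="127.0.0.2"   # loopback alias suggested in the answer
QUESTION_RULE="rdr pass on lo0 inet proto tcp from any to any port = 80 -> 127.0.0.1 port 8080"
ANSWER_RULE="rdr pass proto tcp from any to any port 80 -> $ALIAS_IP port 8080"

# Print the interface an rdr rule is bound to, or "all" if it has no "on" clause.
rule_scope() {
    prev=""
    for word in $1; do          # unquoted on purpose: split the rule into words
        if [ "$prev" = "on" ]; then
            echo "$word"
            return 0
        fi
        prev=$word
    done
    echo "all"
}

# Print the answer's rule restricted to one interface
# (assumption: untested on the 10.11 beta).
scoped_rule() {
    echo "$ANSWER_RULE" | sed "s/^rdr pass /rdr pass on $1 /"
}

# Apply a rule (default: the answer's rule) using the answer's steps.
apply_redirect() {
    rule=${1:-$ANSWER_RULE}
    # Add the alias only if it is missing, so reruns are harmless.
    ifconfig lo0 | grep -qF "inet $ALIAS_IP " || sudo ifconfig lo0 alias "$ALIAS_IP" up
    # -n parses the rule without loading it; stop on a syntax error.
    echo "$rule" | sudo pfctl -nf - || return 1
    # -E enables pf; -f - loads the ruleset from STDIN, replacing the main ruleset.
    echo "$rule" | sudo pfctl -Ef - || return 1
    echo "loaded rule, bound to interface: $(rule_scope "$rule")"
    # Show the translation rules pf actually holds after the load.
    sudo pfctl -s nat
}

# Only touch the system when explicitly asked: sh <script> apply ["<rule>"]
if [ "${1:-}" = "apply" ]; then
    apply_redirect "${2:-}"
fi
```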