Add a note to the docs about pf redirection of traffic from the host itself.

author: Aldo Cortesi <aldo@nullcube.com> 2013-12-08 21:38:53 +1300
committer: Aldo Cortesi <aldo@nullcube.com> 2013-12-08 21:38:53 +1300
commit: 925eaa934323a7d9210b7b7683201c875e1729b6 (patch)
tree: 32f03eb4b7a736373ea9217a09d91728be222743 /doc-src/transparent
parent: 1e733f314903feef9607722f23529b5ea6fd03dc (diff)
download: mitmproxy-925eaa934323a7d9210b7b7683201c875e1729b6.tar.gz
mitmproxy-925eaa934323a7d9210b7b7683201c875e1729b6.tar.bz2
mitmproxy-925eaa934323a7d9210b7b7683201c875e1729b6.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/doc-src/transparent/osx.html b/doc-src/transparent/osx.html
index 77eea63b..205e4c76 100644
--- a/doc-src/transparent/osx.html
+++ b/doc-src/transparent/osx.html
@@ -67,3 +67,15 @@ rdr on en2 inet proto tcp to any port 443 -&gt; 127.0.0.1 port 8080
 
 
 </ol>
+
+Note that the **rdr** rules in the pf.conf given above only apply to inbound
+traffic. This means that they will NOT redirect traffic coming from the box
+running pf itself. We can't distinguish between an outbound connection from a
+non-mitmproxy app, and an outbound connection from mitmproxy itself - if you
+want to intercept your OSX traffic, you should use an external host to run
+mitmproxy. None the less, pf is flexible to cater for a range of creative
+possibilities, like intercepting traffic emanating from VMs.  See the
+**pf.conf** man page for more.
+
+
+
author	Aldo Cortesi <aldo@nullcube.com>	2013-12-08 21:38:53 +1300
committer	Aldo Cortesi <aldo@nullcube.com>	2013-12-08 21:38:53 +1300
commit	925eaa934323a7d9210b7b7683201c875e1729b6 (patch)
tree	32f03eb4b7a736373ea9217a09d91728be222743 /doc-src/transparent
parent	1e733f314903feef9607722f23529b5ea6fd03dc (diff)
download	mitmproxy-925eaa934323a7d9210b7b7683201c875e1729b6.tar.gz mitmproxy-925eaa934323a7d9210b7b7683201c875e1729b6.tar.bz2 mitmproxy-925eaa934323a7d9210b7b7683201c875e1729b6.zip