divert-to


Better interface to replace rdr-to localhost
New configurations use "divert-to" instead of "rdr-to":
  anchor "ftp-proxy/*"
  pass in quick inet proto tcp to port ftp \ 
    divert-to 127.0.0.1 port 8021

Redirect connections to a listening userland socket
PF does not change the destination address or source port
Use getsockname(2) to get the original destination

No more extra NAT
no rewrite and no need for allocating NAT ports
slightly faster
no more possible races due to out-of-band NATLOOK