Using iohyve to Control pf

pr1ntf edited this page Jan 4, 2016 · 6 revisions

# Idea notepad on how to control pf using iohyve for a NAT

##### If you would like to add to this document, feel free to do so, but add your username to the idea.

The goal, at least at first, is to have one NAT per iohyve install on the hardcoded `bridge0` device. Guests not in the NAT can still be attached as a normal tap to the "outside world." This feature is only meant for systems where the user is not already running pf. We will provide documentation for power users who want to roll their own `/etc/rc.conf` and `/etc/pf.conf` files.

* iohyve will have functions to automatically add guests to a NAT if specified at creation time.
* iohyve will have functions for the user to specify port forwarding or to add an existing guest to a NAT.
* Use pf tables as a way to keep the guest IPs in one place.
* Use a dataset `/iohyve/NAT` to store the NAT's information.
* Everyone should have a safe word. `iohyve pf panic` will basically run `pfctl -d` to stop pf in case things go south quick.
* When changing pf properties using iohyve manually (not at guest creation time), you can run `iohyve pf commit confirm 5` to automatically REVERT changes to the NAT if things go south. I sure hope I don't get sued by Juniper or something.
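As an added example (not iohyve's own code), here is a POSIX sh sketch of the three pieces above: a generator that emits a `pf.conf` with one table for the guest IPs, a `nat` rule on the hardcoded bridge's uplink plus one `rdr` per forwarded port, a `commit_confirm` that reloads the last confirmed ruleset after N seconds unless confirmed, and the `pf_panic` safe word. The external interface `em0`, the subnet `10.0.0.0/24`, the `/iohyve/NAT` mountpoint, the `hostport:guestip:guestport` argument format and the `PFCTL` override are all assumptions made for this example, not anything the notes specify.

```shell
#!/bin/sh
# Added example, not iohyve's own code: a sketch of the three ideas in the
# notes above, written as POSIX sh functions.
#
# Assumptions (not from the wiki): the external NIC is em0, the NAT subnet is
# 10.0.0.0/24, the /iohyve/NAT dataset is mounted at that path, and the
# guest/forward argument formats below are made up for this example.

BRIDGE="${BRIDGE:-bridge0}"            # the hardcoded bridge the notes mention
EXT_IF="${EXT_IF:-em0}"                # assumption: external interface
NAT_NET="${NAT_NET:-10.0.0.0/24}"      # assumption: guest-side subnet
STATE_DIR="${STATE_DIR:-/iohyve/NAT}"  # where committed pf.conf copies live
PFCTL="${PFCTL:-pfctl}"                # overridable so the logic can run without pf

# gen_pf_conf GUEST_IPS FORWARDS
#   GUEST_IPS: space-separated addresses of guests that belong to the NAT
#   FORWARDS:  space-separated "hostport:guestip:guestport" triples (TCP)
# Emits a complete pf.conf: macros, one table holding every guest IP, the
# nat/rdr translation rules, then the filter rules (pf requires that order).
gen_pf_conf() {
  guest_ips=$1
  forwards=$2
  printf 'ext_if = "%s"\nnat_if = "%s"\nnat_net = "%s"\n\n' "$EXT_IF" "$BRIDGE" "$NAT_NET"
  # one table keeps the guest IPs in a single place; "persist" keeps it alive
  # even when no rule currently references it
  printf 'table <iohyve_nat> persist { %s }\n\n' "$(printf '%s' "$guest_ips" | sed 's/ /, /g')"
  # translation: guests in the table go out masquerading as the host's address
  printf 'nat on $ext_if from <iohyve_nat> to any -> ($ext_if)\n'
  for fw in $forwards; do            # unquoted on purpose: split on spaces
    hport=${fw%%:*}
    rest=${fw#*:}
    gip=${rest%%:*}
    gport=${rest#*:}
    printf 'rdr on $ext_if proto tcp from any to ($ext_if) port %s -> %s port %s\n' "$hport" "$gip" "$gport"
  done
  # filtering: leave bridge traffic alone, let NAT'd guests out, and let in
  # only what an rdr above has already rewritten to a guest address
  printf '\npass quick on $nat_if\n'
  printf 'pass out on $ext_if from <iohyve_nat> to any keep state\n'
  printf 'pass in on $ext_if proto tcp to <iohyve_nat> keep state\n'
}

# commit_confirm NEW_CONF SECONDS
#   Load NEW_CONF, then after SECONDS reload the last confirmed config unless
#   confirm_commit ran in the meantime (the "commit confirm" idea above).
commit_confirm() {
  new_conf=$1
  secs=$2
  mkdir -p "$STATE_DIR"
  # first ever commit: fall back to an empty ruleset, which applies no NAT
  # and no filtering (pf passes a packet when no rule matches it)
  [ -f "$STATE_DIR/pf.conf" ] || : > "$STATE_DIR/pf.conf"
  cp "$STATE_DIR/pf.conf" "$STATE_DIR/pf.conf.prev"
  "$PFCTL" -f "$new_conf" || return 1
  cp "$new_conf" "$STATE_DIR/pf.conf.pending"
  # background timer: if the pending marker still exists, nobody confirmed
  (
    sleep "$secs"
    if [ -f "$STATE_DIR/pf.conf.pending" ]; then
      "$PFCTL" -f "$STATE_DIR/pf.conf.prev"
      rm -f "$STATE_DIR/pf.conf.pending"
    fi
  ) &
}

# confirm_commit: promote the pending config to the confirmed one
confirm_commit() {
  mv "$STATE_DIR/pf.conf.pending" "$STATE_DIR/pf.conf" 2>/dev/null || return 1
}

# pf_panic: the safe word, just disable pf
pf_panic() {
  "$PFCTL" -d
}

# demo: print the config for two guests with one forwarded port
gen_pf_conf "10.0.0.10 10.0.0.11" "2222:10.0.0.10:22"
```

The generated ruleset contains no `block` rule, so it changes nothing about traffic that is not a guest's: pf passes anything no rule matches, which fits the "only on systems not already running pf" restriction. The host still needs `gateway_enable="YES"` and `pf_enable="YES"` in `/etc/rc.conf` for guests to reach the outside. The revert timer is a forked subshell keyed on the `pf.conf.pending` marker, so a confirm that lands in the same instant the timer fires can race; a real implementation would take a lock around the check.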