[pf4freebsd] Re: Convert IPFW Ruleset to PF

Max Laier max at love2party.net
Wed Sep 15 21:14:47 PDT 2004


On Tuesday 14 September 2004 02:41, phusion wrote:
> How can I convert this simple ipfw ruleset to pf?
>
> fwcmd="/sbin/ipfw"
> ${fwcmd} -f flush
> ${fwcmd} add divert natd all from any to any via xl0
> ${fwcmd} add pass all from any to any

This depends largely on what natd was doing for you. pf comes with NAT in 
kernel and does not (yet) have divert socket support. If you want to do 
network address translation you have to do it *in* pf.

If you submit your natd setup, maybe people can tell you how to convert it.

Generally speaking, doing NAT inside the kernel is more effective than doing 
the same thing in userland. If you are not after NAT so much, but use the 
divert socket for other purposes, pf can't help you right now (you are stuck 
with bpf and/or pflog + bpf).

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
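
A pf.conf sketch of the conversion discussed above, added here as an example and not part of the original thread or written by its author. It assumes natd was run as `natd -interface xl0` with one `-redirect_port` entry; the internal network and host addresses are constructed values.

```pf
# Added example: pf.conf equivalent of the quoted ipfw + natd setup.
# Assumptions (not from the thread): natd ran as
#   natd -interface xl0 -redirect_port tcp 192.168.0.10:80 80
# and the addresses below are constructed placeholders.

ext_if  = "xl0"
int_net = "192.168.0.0/24"   # assumed internal network
web_srv = "192.168.0.10"     # assumed internal host

# ipfw: add divert natd all from any to any via xl0
# pf translates in the kernel, so there is no divert rule.
# ($ext_if) tracks the interface's current address, useful with DHCP.
nat on $ext_if from $int_net to any -> ($ext_if)

# natd: -redirect_port tcp 192.168.0.10:80 80
# Inbound port forwards become rdr rules.
rdr on $ext_if proto tcp from any to any port 80 -> $web_srv port 80

# ipfw: add pass all from any to any
# Keeps the original allow-everything policy; translation rules
# must appear before filter rules in pf.conf.
pass all
```

Load the ruleset with `pfctl -f /etc/pf.conf` and check the active translation rules with `pfctl -s nat`.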