Sync command from IPF to PF...?

Max Laier max at love2party.net
Mon Jul 10 00:31:41 UTC 2006


On Monday 10 July 2006 02:23, Fire walls wrote:
> I start working with pf, my first firewall is running ipf, my doubt
> is, we have the flag "y" on ipf, on pf we don't need any more that
> setting?, because before every time I connect to my ISP I run the
> ppp.linkup with the command !bg /sbin/ipf -y, how pf handle that?

With pf a simple "pfctl -f config.file" will do the same 99% of the time 
unless you have tables predefined in the config file that were changed later 
on - in that case you will lose the changes.

As a better alternative, pf has the "(interfacename)" syntax.  Wherever you 
want to say "addresses on tun0" you can say "(tun0)".  For instance you would 
want to write things like:

nat on $ext_if inet from ($int_if:network) to any -> ($ext_if)

this - in contrast to:

nat on $ext_if inet from $int_if:network to any -> $ext_if

will track changes of the interface address automatically.  See pf.conf(5) for 
more details on this.

Make sure that you use the "()" syntax everywhere to avoid surprises.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
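
A check for the advice above, added here as an example and not part of the original message: it scans pf.conf text for interface names (or macros that expand to them) used as addresses after "from", "to" or "->" without the "(...)" form. The function name, the sample ruleset and the caller-supplied interface set are assumptions; only single-token addresses are examined, not "{ ... }" lists.

```python
import re

# Address positions in a pf rule: after "from", "to" and the NAT "->".
# Groups: optional "(", the name or $macro, optional modifiers (":network").
ADDR = re.compile(r'(?:\bfrom|\bto|->)\s+!?\s*(\(?)(\$?[\w.]+)((?::\w+)*)')
MACRO = re.compile(r'^(\w+)\s*=\s*"?([^"]*)"?$')

# Constructed sample ruleset (not from the original message).
SAMPLE_PF_CONF = """\
ext_if = "tun0"
int_if = "em0"
nat on $ext_if inet from $int_if:network to any -> $ext_if
nat on $ext_if inet from ($int_if:network) to any -> ($ext_if)
pass in on $ext_if proto tcp from any to tun0 port 22  # static address
"""

def find_static_iface_refs(conf_text, interfaces):
    """Return (line_no, token) for every interface used as an address
    without parentheses, i.e. resolved once when the ruleset is loaded."""
    findings, macros = [], {}
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        m = MACRO.match(line)
        if m:                                  # remember macro definitions
            macros[m.group(1)] = m.group(2).strip()
            continue
        for paren, name, mods in ADDR.findall(line):
            # Expand $macro to its value; bare names are used as written.
            resolved = macros.get(name[1:], "") if name.startswith("$") else name
            if resolved in interfaces and not paren:
                findings.append((line_no, name + mods))
    return findings

if __name__ == "__main__":
    for line_no, token in find_static_iface_refs(SAMPLE_PF_CONF, {"tun0", "em0"}):
        print(f"line {line_no}: {token} is not in (...) and will not track address changes")
```

"on $ext_if" is deliberately not flagged, since that position names an interface rather than an address.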


More information about the freebsd-pf mailing list