Sync command from IPF to PF...?
Max Laier
max at love2party.net
Mon Jul 10 00:31:41 UTC 2006
On Monday 10 July 2006 02:23, Fire walls wrote:
> I start working with pf, my first firewall is running ipf, my doubt
> is, we have the flag "y" on ipf, on pf we don't need any more that
> setting?, because before every time I connect to my isp I run the
> ppp.linkup with the command !bg /sbin/ipf -y, how pf handle that?

With pf a simple "pfctl -f config.file" will do the same 99% of the time
unless you have tables predefined in the config file that were changed later
on - in that case you will lose the changes.

As a better alternative, pf has the "(interfacename)" syntax. Wherever you
want to say "addresses on tun0" you can say "(tun0)". For instance you would
want to write things like:

    nat on $ext_if inet from ($int_if:network) to any -> ($ext_if)

this - in contrast to:

    nat on $ext_if inet from $int_if:network to any -> $ext_if

will track changes of the interface address automatically. See pf.conf(5) for
more details on this.

Make sure that you use the "()" syntax everywhere to avoid surprises.

--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
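
One way to check a ruleset for the advice above, as an added example that is not part of the original message or of pf itself: it flags interface macros used as addresses (right after "from", "to" or "->") without parentheses. The sample ruleset is constructed, and the interface-name pattern (letters followed by digits, e.g. tun0) and the function name are assumptions of this sketch; addresses inside { } lists are not examined.

```python
import re

# Constructed sample pf.conf for illustration, not taken from the message.
SAMPLE = '''\
ext_if = "tun0"
int_if = "fxp0"
nat on $ext_if inet from $int_if:network to any -> $ext_if
nat on $ext_if inet from ($int_if:network) to any -> ($ext_if)
pass in on $int_if from $int_if:network to any keep state
'''

# Assumption: a macro names an interface if its value looks like "tun0".
MACRO_DEF = re.compile(r'^\s*(\w+)\s*=\s*"?([A-Za-z]+\d+)"?\s*$')
# An address position is the token right after "from", "to" or "->".
# "on $ext_if" is an interface position and is deliberately not matched.
ADDR_POS = re.compile(r'(?:\bfrom|\bto|->)\s+(!?\s*)(\(?)\$(\w+)((?::\w+)*)')


def find_static_interface_addresses(conf_text):
    """Return (line_no, token, suggestion) for each interface macro that is
    used as an address without the "(...)" dynamic-address syntax."""
    if_macros = {}
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split('#', 1)[0]          # ignore comments
        definition = MACRO_DEF.match(line)
        if definition:
            if_macros[definition.group(1)] = definition.group(2)
            continue
        for match in ADDR_POS.finditer(line):
            _negation, paren, name, modifier = match.groups()
            if name in if_macros and not paren:
                token = '$' + name + modifier
                findings.append((line_no, token, '(' + token + ')'))
    return findings


if __name__ == '__main__':
    for line_no, token, suggestion in find_static_interface_addresses(SAMPLE):
        print(f'line {line_no}: {token} is resolved once at load time; '
              f'use {suggestion} to track address changes')
```
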