iptables rule in pf
Oleksandr Samoylyk
oleksandr at samoylyk.sumy.ua
Thu May 8 08:06:47 UTC 2008
CZUCZY Gergely wrote:
> On Thu, 08 May 2008 01:04:54 +0300
> Oleksandr Samoylyk <oleksandr at samoylyk.sumy.ua> wrote:
>
>> Dear Community,
>>
>> I want to move some of our firewalls from Linux/iptables to FreeBSD/pf.
>>
>> After reading man pf.conf for a couple of minutes I couldn't find the
>> realization of such an iptables rule in pf:
>>
>> iptables -t nat -A PREROUTING -i ethX -d ! my.smtp.server -p tcp --dport 25 -j DROP
> block in on $interface proto tcp from any to ! my.smtp.server port 25
>
>> iptables -t nat -A PREROUTING -i ethX -p tcp --dport 2525 -j DNAT --to-destination :25
> rdr on $interface proto tcp from any to port 2525 -> <the_destination_you_have_omitted> port 25

I meant _any_ destination with port 25.
That iptables rule worked for any destination.

>> How can it be rewritten in pf.conf?
> Be sure to read the OpenBSD FAQ:
> http://www.openbsd.org/faq/pf
>
> pf works quite differently than iptables, it has a different logic. You will
> get used to it. Just forget these "tables" which you've got used to with
> iptables.
>
--
Oleksandr Samoylyk
OVS-RIPE