How to export / save and compare PF rule sets
Max Laier
max at love2party.net
Wed Dec 23 00:40:44 UTC 2009
On Wednesday 23 December 2009 00:50:09 Miroslav Lachman wrote:
> scrub is before nat/rdr rules in case of "pfctl -s a" and after nat/rdr
> in case of "pfctl -nvf /etc/pf.conf"
The order should always be options, scrub, queues, nat, filters. pfctl -nvf
only works with a different order if you have "set require-order no" in your
ruleset. You should be able to fix this at your end.
> Is there any other way I can export live and saved rules in the same
> format and the same order, ready for comparison by diff?
You can always extract the parts individually and cat them together if you
insist on keeping the ruleset unordered.
Regards,
--
Max
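
One way to bring two rule listings into the same order before running diff, as an added example that is not part of the original message: rather than querying each section separately, this regroups a combined listing into the order named above (options, scrub, queues, nat, filters). The function name pf_canon, the keyword-to-section mapping and the sample rule lines are assumptions constructed for illustration; lines that start with any other word are dropped.

```shell
#!/bin/sh
# Regroup pf rule lines read from stdin into: options, scrub, queues, nat, filters.
# The relative order inside each group is kept, because rule order matters to pf.
pf_canon() {
    awk '
    {
        k = $1
        if (k == "no") k = $2                      # "no nat", "no rdr", "no scrub"
        if      (k == "set")                               c = 1
        else if (k == "scrub")                             c = 2
        else if (k == "altq" || k == "queue")              c = 3
        else if (k == "nat" || k == "rdr" || k == "binat") c = 4
        else if (k == "pass" || k == "block")              c = 5
        else next                                  # blank or unrecognised line: dropped
        out[c, ++n[c]] = $0
    }
    END {
        for (c = 1; c <= 5; c++)
            for (i = 1; i <= n[c]; i++)
                print out[c, i]
    }'
}

# Constructed sample: a listing with nat/rdr ahead of scrub.
saved_dump() {
    cat <<'EOF'
set skip on { lo0 }
nat on em0 inet from 192.168.0.0/24 to any -> (em0) round-robin
rdr on em0 inet proto tcp from any to any port = http -> 192.168.0.10 port 80
scrub in all fragment reassemble
block drop in all
pass out all keep state
EOF
}

# Constructed sample: the same rules with scrub ahead of nat/rdr.
live_dump() {
    cat <<'EOF'
set skip on { lo0 }
scrub in all fragment reassemble

nat on em0 inet from 192.168.0.0/24 to any -> (em0) round-robin
rdr on em0 inet proto tcp from any to any port = http -> 192.168.0.10 port 80
block drop in all
pass out all keep state
EOF
}

if [ "$(saved_dump | pf_canon)" = "$(live_dump | pf_canon)" ]; then
    echo "rule sets match after regrouping"
else
    echo "rule sets differ"
fi
```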