Date:      Tue, 14 Sep 2004 02:47:43 +0200
From:      Max Laier <max@love2party.net>
To:        pf4freebsd@freelists.org
Subject:   [pf4freebsd] Re: Convert IPFW Ruleset to PF
Message-ID:  <200409140247.49894.max@love2party.net>
In-Reply-To: <c3ed3fdc04091317413da12e3d@mail.gmail.com>
References:  <c3ed3fdc04091317413da12e3d@mail.gmail.com>

On Tuesday 14 September 2004 02:41, phusion wrote:
> How can I convert this simple ipfw ruleset to pf?
>
> fwcmd="/sbin/ipfw"
> ${fwcmd} -f flush
> ${fwcmd} add divert natd all from any to any via xl0
> ${fwcmd} add pass all from any to any

This depends largely on what natd was doing for you. pf comes with NAT in 
kernel and does not (yet) have divert socket support. If you want to do 
network address translation you have to do it *in* pf.

If you submit your natd setup maybe people can tell you how to convert it.

Generally speaking, doing NAT inside the kernel is more effective than doing 
the same thing in userland. If you are not after NAT so much, but use the 
divert socket for other purposes, pf can't help you right now (you are stuck 
with bpf and/or pflog + bpf).

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
