Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 10 Jul 2006 02:31:32 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-pf@freebsd.org
Subject:   Re: Sync command from IPF to PF...?
Message-ID:  <200607100231.37891.max@love2party.net>
In-Reply-To: <b61774460607091723y1a77cd36n4fb3f061af92e42e@mail.gmail.com>
References:  <b61774460607091723y1a77cd36n4fb3f061af92e42e@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
--nextPart5554175.jZQEkvaLVj
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Monday 10 July 2006 02:23, Fire walls wrote:
>       I start working with pf, my first firewall is running ipf, my doubt
> is, we have the flag "y" on ipf, on pf  we dont need any more that
> setting?, because before every time i connect to my isp i run the
> ppp.linkup with the command !bg /sbin/ipf -y, how pf handle that?

With pf a simple "pfctl -f config.file" will do the same in 99% of the time=
=20
unless you have tables predefined in the config file that were changed late=
r=20
on - in that case you will lose the changes.

As a better alternative, pf has the "(interfacename)" syntax.  Whereever yo=
u=20
want to say "addresses on tun0" you can say "(tun0)".  For instance you wou=
ld=20
want to write things like:

nat on $ext_if inet from ($int_if:network) to any -> ($ext_if)

this - in contrast to:

nat on $ext_if inet from $int_if:network to any -> $ext_if

will track changes of the interface address automatically.  See pf.conf(5) =
for=20
more details on this.

Make sure that you use the "()" syntax everywhere to avoid surprises.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart5554175.jZQEkvaLVj
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQBEsZ/pXyyEoT62BG0RAm3bAJ9tIKlp4w1PV5TJNSmmDrh6y15CQgCfaXwq
dgavJ3/h/O4x2sKqVdw9x1c=
=x8iv
-----END PGP SIGNATURE-----

--nextPart5554175.jZQEkvaLVj--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607100231.37891.max>