Date: Thu, 16 Feb 2006 14:17:47 +0100
From: peter@bgnett.no (Peter N. M. Hansteen)
To: freebsd-pf@freebsd.org
Subject: Re: PF --> IPTABLES Conversion?
Message-ID: <86accr7890.fsf@amidala.datadok.no>
In-Reply-To: <43F35750.7020701@veldy.net> (Thomas T. Veldhouse's message of "Wed, 15 Feb 2006 10:31:12 -0600")
References: <43F35750.7020701@veldy.net>

"Thomas T. Veldhouse" <veldy@veldy.net> writes:

> Does anybody know if there is a conversion tool to convert PF scripts
> over to IPTables scripts?

I had originally decided it was best to keep my mouth shut about
IPTables in public, but, well, frankly the cover of the March 2006
Linux Journal really sums it all up for me. Cover bottom left tempts
prospective readers with what appears to be a very useful article:

"Perl script your way to firewall security"

> I have a firewall that is working nicely using PF and FreeBSD, but I
> have a machine that I need to set up for a friend that has a similar
> configuration, but will be running Linux. Rather than learn IPTables
> outright, I was hoping that there might be a scripting utility to help
> get me 90% of the way.

In my limited experience, if you've gotten used to PF, the only thing
you will gain by going to IPTables is a catalogue of profound reasons
to hate IPTables and the people who force you to use the thing.

If you are used to IPTables, going to PF you will initially refuse to
believe that firewall adminning can be that pleasant. Recovering
IPTables sufferers tend to quintuple-check their working PF rulesets
in disbelief and still end up with rule sets which are way too
complicated for their needs.

But if there is no way around it, Max' suggestion that fwbuilder is
likely to be useful is about as good advice as you can get. Mind you,
with IPTables the need for a point'n'click front end to your rule set
is a lot bigger than if you stay with PF.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds.