Date: Fri, 11 Feb 2005 10:28:20 -0500 From: Matthew George <mdg@secureworks.net> To: freebsd-pf@freebsd.org Subject: Re: IPFilter TO PF Message-ID: <420CCF14.1040004@secureworks.net> In-Reply-To: <200502110130.07341.max@love2party.net> References: <200502110130.07341.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Max Laier wrote: > > Please let us know if you find something helpful on the net - I didn't > yet. > I manage a good number of firewalls, and although I appreciate the write it from scratch philosophy, other demands on my time don't always allow me to wrap my head around the big picture. I have found the fwbuilder port invaluable in managing my systems. You can't really import from an existing ruleset, but once you have all your objects and policies defined, doing just about anything is really easy. I recently migrated several systems from 4.10 w/ ipfilter to 5.3 w/ pf. In order to get the new rulesets, I selected the target firewall object in fwbuilder, clicked the ipfilter dropdown, changed it to pf, and hit compile. Worked like a charm ... All of the ruleset compilers are separated from the interface such that it makes it really easy to do what you want with them. -- Matthew George SecureWorks Technical Operations
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?420CCF14.1040004>