From owner-freebsd-pf@FreeBSD.ORG  Fri Feb 11 15:28:22 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4BD2116A4CE
	for <freebsd-pf@freebsd.org>; Fri, 11 Feb 2005 15:28:22 +0000 (GMT)
Received: from mail.secureworks.net (mail.secureworks.net [209.101.212.155])
	by mx1.FreeBSD.org (Postfix) with SMTP id 97A4543D46
	for <freebsd-pf@freebsd.org>; Fri, 11 Feb 2005 15:28:21 +0000 (GMT)
	(envelope-from mdg@secureworks.net)
Received: (qmail 60839 invoked from network); 11 Feb 2005 15:28:20 -0000
Received: from unknown (HELO ?192.168.8.243?) (209.101.212.253)
  by mail.secureworks.net with SMTP; 11 Feb 2005 15:28:20 -0000
Message-ID: <420CCF14.1040004@secureworks.net>
Date: Fri, 11 Feb 2005 10:28:20 -0500
From: Matthew George <mdg@secureworks.net>
User-Agent: Mozilla Thunderbird 0.9 (X11/20041117)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
References: <200502110130.07341.max@love2party.net>
In-Reply-To: <200502110130.07341.max@love2party.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: IPFilter TO PF
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical discussion and general questions about packet filter (pf)
	<freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Feb 2005 15:28:22 -0000

Max Laier wrote:
> 
> Please let us know if you find something helpful on the net - I didn't
> yet.
> 

I manage a good number of firewalls, and although I appreciate the write it from 
scratch philosophy, other demands on my time don't always allow me to wrap my 
head around the big picture.  I have found the fwbuilder port invaluable in 
managing my systems.  You can't really import from an existing ruleset, but once 
you have all your objects and policies defined, doing just about anything is 
really easy.

I recently migrated several systems from 4.10 w/ ipfilter to 5.3 w/ pf.  In 
order to get the new rulesets, I selected the target firewall object in 
fwbuilder, clicked the ipfilter dropdown, changed it to pf, and hit compile. 
Worked like a charm ...

All of the ruleset compilers are separated from the interface such that it makes 
it really easy to do what you want with them.

-- 
Matthew George
SecureWorks Technical Operations