IPFilter TO PF
Matthew George
mdg at secureworks.net
Fri Feb 11 07:28:22 PST 2005
Max Laier wrote:
>
> Please let us know if you find something helpful on the net - I didn't
> yet.
>
I manage a good number of firewalls, and although I appreciate the write it from
scratch philosophy, other demands on my time don't always allow me to wrap my
head around the big picture. I have found the fwbuilder port invaluable in
managing my systems. You can't really import from an existing ruleset, but once
you have all your objects and policies defined, doing just about anything is
really easy.
I recently migrated several systems from 4.10 w/ ipfilter to 5.3 w/ pf. In
order to get the new rulesets, I selected the target firewall object in
fwbuilder, clicked the ipfilter dropdown, changed it to pf, and hit compile.
Worked like a charm ...
All of the ruleset compilers are separated from the interface such that it makes
it really easy to do what you want with them.
--
Matthew George
SecureWorks Technical Operations
More information about the freebsd-pf
mailing list