pf on Freebsd 10
Jesse Gooch
lists at gooch.io
Sat Apr 26 02:10:20 UTC 2014
Hi Al,
On 25/04/14 01:39 PM, Al Plant wrote:
> Code has changed for pf under FreeBSD. I have tried to make a firewall
> using FreeBSD 10 but some of the new code doesnt work?
Yes, the pf in FreeBSD was ported from OpenBSD, but I can't recall which
version or when.
> Is it possible to use pf on FreeBSD 10 as a firewall for a web server
> and a mail server on a single public IP using nat?
I use pf on FreeBSD 10 for a very similar setup, and it works great.
> The problem is that it seems that pf code works on Open BSD 5.* where
> the FreeBSD 10 is not accepting the current pf version code. Only some
> code works now on FreeBSD 9 and 10.
Yes, I think OpenBSD changed much of the syntax for the pf config file
some time ago. I'm not sure if the changes stretched further than that
though.
> Should I make the firewall on a Open BSD box or is there a how to
> get the newer code to work with FreeBSD 10? Or is one of our gurus
> working on up grading the FreeBSD pf?
Perhaps you could lurk on the freebsd-pf mailing list[1] if you want to
learn more about pf on FreeBSD? I don't see why you must use OpenBSD, pf
on FreeBSD should do what you describe. Maybe you need some features
specific to the OpenBSD pf? Sorry I just don't have enough info to make
a recommendation.
[1] http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> Is there some where that the version of pf that works with FreeBSD 10 is
> named? Handbook is vague as to what works for pf. It seems that many of
> the new commands for the Open BSD 5 * pf arent recognized by the FreeBSD
> 10 release.
I recommend reading the handbook chapter on pf[2], as well as the
manpages for pf.conf[3]. These two documents were invaluable to me when
constructing my pf configuration file.
[2] https://www.freebsd.org/doc/handbook/firewalls-pf.html
[3]
http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+10.0-RELEASE&arch=default&format=ascii
> Thanks for any help.
You're welcome! I hope the information I provided was helpful.
More information about the freebsd-questions
mailing list