Future of pf / firewall in FreeBSD ? - does it have one ?
Warren Block
wblock at wonkity.com
Fri Aug 1 13:20:53 UTC 2014
On Fri, 1 Aug 2014, Dan Busarow wrote:
>
> On 8/1/14, 1:39 AM, krad wrote:
>> I always found natting in ipfw rather awkward and harder than in pf.
>> Looking at the man page it doesnt seem to have changed. I should probably
>> give it another go though as it has been about 10 years now
>
> Couldn't be much easier than the way it works now
>
> e.g.
>
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="em0"
> natd_flags="-s -m -u"
>
> All of the builtin rulesets know about NAT
>
> My home network has two internal nets each with it's own wifi AP and the
> above handles it.
>
> natd_interface is your outside facing interface.
In pf, it is just an entry in the rules:
nat on $ext_if from $internal_net to any -> ($ext_if)
More information about the freebsd-questions
mailing list