Future of pf / firewall in FreeBSD ? - does it have one ?
krad
kraduk at gmail.com
Fri Aug 1 13:39:45 UTC 2014
ordering is also straight forward, which wasnt the case, but then i hope im
well out of date. At least ipfw has tables now, as i couldnt live without
them now.
to be fair you have missed 'pf_enable=yes' in the rc.conf
On 1 August 2014 14:20, Warren Block <wblock at wonkity.com> wrote:
> On Fri, 1 Aug 2014, Dan Busarow wrote:
>
>
>> On 8/1/14, 1:39 AM, krad wrote:
>>
>>> I always found natting in ipfw rather awkward and harder than in pf.
>>> Looking at the man page it doesnt seem to have changed. I should probably
>>> give it another go though as it has been about 10 years now
>>>
>>
>> Couldn't be much easier than the way it works now
>>
>> e.g.
>>
>> firewall_enable="YES"
>> firewall_type="OPEN"
>> natd_enable="YES"
>> natd_interface="em0"
>> natd_flags="-s -m -u"
>>
>> All of the builtin rulesets know about NAT
>>
>> My home network has two internal nets each with it's own wifi AP and the
>> above handles it.
>>
>> natd_interface is your outside facing interface.
>>
>
> In pf, it is just an entry in the rules:
>
> nat on $ext_if from $internal_net to any -> ($ext_if)
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list