Date: Fri, 1 Aug 2014 14:39:43 +0100
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
From: krad
To: Warren Block
Cc: Dan Busarow, FreeBSD Questions

Ordering is also straightforward, which wasn't the case, but then I hope I'm well out of date. At least ipfw has tables now, as I couldn't live without them now.

To be fair you have missed 'pf_enable=yes' in the rc.conf

On 1 August 2014 14:20, Warren Block wrote:

> On Fri, 1 Aug 2014, Dan Busarow wrote:
>
>> On 8/1/14, 1:39 AM, krad wrote:
>>
>>> I always found natting in ipfw rather awkward and harder than in pf.
>>> Looking at the man page it doesn't seem to have changed. I should probably
>>> give it another go though as it has been about 10 years now
>>
>> Couldn't be much easier than the way it works now
>>
>> e.g.
>>
>> firewall_enable="YES"
>> firewall_type="OPEN"
>> natd_enable="YES"
>> natd_interface="em0"
>> natd_flags="-s -m -u"
>>
>> All of the builtin rulesets know about NAT
>>
>> My home network has two internal nets each with its own wifi AP and the
>> above handles it.
>>
>> natd_interface is your outside facing interface.
>
> In pf, it is just an entry in the rules:
>
> nat on $ext_if from $internal_net to any -> ($ext_if)
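A lint for the point raised in the reply above, that the one-line pf nat rule also depends on rc.conf: this added example (not code from the thread) checks an rc.conf and pf.conf pair for `pf_enable`, a nat rule, and definitions for the macros that rule uses. The `gateway_enable` check, the natd/pf conflict finding and the sample file contents are assumptions made here.

```sh
#!/bin/sh
# Added example, not from the thread: lint the pf side of a NAT gateway setup.
# gateway_enable and the sample file contents are assumptions constructed here.

# rc_get FILE VAR: value of the last VAR= assignment, unquoted and lowercased.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# rc_yes FILE VAR: succeeds when VAR holds a value rc.conf accepts as "yes".
rc_yes() {
    case "$(rc_get "$1" "$2")" in yes|true|on|1) return 0 ;; *) return 1 ;; esac
}

# check_pf_nat RCCONF PFCONF: print one finding per line, return their count.
check_pf_nat() {
    rcfile=$1; pffile=$2; n=0
    for v in pf_enable gateway_enable; do
        rc_yes "$rcfile" "$v" || { echo "missing: $v=\"YES\""; n=$((n + 1)); }
    done
    # This lint treats natd and pf both being enabled as a mistake: pick one.
    if rc_yes "$rcfile" natd_enable && rc_yes "$rcfile" pf_enable; then
        echo "conflict: natd_enable and pf_enable both set"; n=$((n + 1))
    fi
    nat_rules=$(grep -E '^[[:space:]]*nat[[:space:]]+on[[:space:]]' "$pffile" || true)
    [ -n "$nat_rules" ] || { echo "missing: nat rule"; n=$((n + 1)); }
    # Every $macro a nat rule uses must be defined in the same file.
    for m in $(printf '%s\n' "$nat_rules" | grep -o '\$[A-Za-z_][A-Za-z0-9_]*' | sort -u); do
        grep -Eq "^[[:space:]]*${m#?}[[:space:]]*=" "$pffile" ||
            { echo "undefined macro: $m"; n=$((n + 1)); }
    done
    return "$n"
}

# Constructed sample: the thread's nat rule, with pf_enable left out of rc.conf.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'gateway_enable="YES"' > "$d/rc.conf"
    printf '%s\n' 'ext_if = "em0"' 'internal_net = "192.168.1.0/24"' \
        'nat on $ext_if from $internal_net to any -> ($ext_if)' > "$d/pf.conf"
    status=0
    check_pf_nat "$d/rc.conf" "$d/pf.conf" || status=$?
    rm -rf "$d"
    return "$status"
}

demo || true   # prints: missing: pf_enable="YES"
```

On a FreeBSD host, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it and catches syntax errors this lint does not.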