Date:      Fri, 1 Aug 2014 14:39:43 +0100
From:      krad <kraduk@gmail.com>
To:        Warren Block <wblock@wonkity.com>
Cc:        Dan Busarow <dan@buildingonline.com>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID:  <CALfReycy-Qw-GUoF94kwMU8s1TEtAL_qfVtDFhpF2znc_iMzFA@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.11.1408010716450.26876@wonkity.com>
References:  <53C706C9.6090506@com.jkkn.dk> <6326AB9D-C19A-434B-9681-380486C037E2@lastsummer.de> <53CB4736.90809@bluerosetech.com> <201407200939020335.0017641F@smtp.24cl.home> <788274E2-7D66-45D9-89F6-81E8C2615D14@lastsummer.de> <201407201230590265.00B479C4@smtp.24cl.home> <20140729103512.GC89995@FreeBSD.org> <53DA304E.6020105@herveybayaustralia.com.au> <20140731134147.GH2402@glebius.int.ru> <CALfReyerXQm6ehhtKXcJ9XD5fr=0LBShtD8EAUjd9p07xcQvjw@mail.gmail.com> <53DB9017.3000304@buildingonline.com> <alpine.BSF.2.11.1408010716450.26876@wonkity.com>

ordering is also straightforward, which wasn't the case, but then I hope I'm
well out of date. At least ipfw has tables now, as I couldn't live without
them now.

To be fair, you have missed 'pf_enable=yes' in the rc.conf



On 1 August 2014 14:20, Warren Block <wblock@wonkity.com> wrote:

> On Fri, 1 Aug 2014, Dan Busarow wrote:
>
>
>> On 8/1/14, 1:39 AM, krad wrote:
>>
>>> I always found natting in ipfw rather awkward and harder than in pf.
>>> Looking at the man page it doesn't seem to have changed. I should probably
>>> give it another go though as it has been about 10 years now.
>>>
>>
>> Couldn't be much easier than the way it works now
>>
>> e.g.
>>
>> firewall_enable="YES"
>> firewall_type="OPEN"
>> natd_enable="YES"
>> natd_interface="em0"
>> natd_flags="-s -m -u"
>>
>> All of the builtin rulesets know about NAT
>>
>> My home network has two internal nets, each with its own wifi AP, and the
>> above handles it.
>>
>> natd_interface is your outside facing interface.
>>
>
> In pf, it is just an entry in the rules:
>
>   nat on $ext_if from $internal_net to any -> ($ext_if)
>


