Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 14 Apr 2013 11:54:37 +0200
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        Rui Paulo <rpaulo@felyko.com>
Cc:        "current@freebsd.org" <current@FreeBSD.org>, "net@freebsd.org" <net@FreeBSD.org>
Subject:   Re: ipfilter(4) needs maintainer
Message-ID:  <516A7CDD.7080201@quip.cz>
In-Reply-To: <F45FFB8A-4B54-4AEF-AA19-D96DAD0C399D@felyko.com>
References:  <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org> <E2F803DD-1F3A-430E-957F-7AB1904CDF42@samsco.org> <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org> <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com> <F45FFB8A-4B54-4AEF-AA19-D96DAD0C399D@felyko.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Rui Paulo wrote:
> 2013/04/13 16:01$B!"(BScott Long<scott4long@yahoo.com>  $B$N%a%C%;!<%8(B:
> 
>> Maybe something else, but whatever it is, it should be done.  If you and Gleb don't want to do this, I will.
> 
> I already started writing a guide. See here for a very incomplete version:
> 
> http://people.freebsd.org/~rpaulo/ipf-deprecation/article.html

1.1 ipftest
PF rules can be checked with pfctl -n:
-n      Do not actually load rules, just parse them

For example:
pfctl -nvf /etc/pf.conf.tmp


3 Examples
3.1  Filtering

ipf.conf and pf.conf has the same syntax for basic filtering rules, so
you can use it on the right side to:

block in on le0 proto tcp from 10.1.1.1/32 to any

pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A


Miroslav Lachman

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?516A7CDD.7080201>