From owner-freebsd-current@FreeBSD.ORG  Sun Apr 14 09:54:48 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 1C03AC01;
 Sun, 14 Apr 2013 09:54:48 +0000 (UTC)
 (envelope-from 000.fbsd@quip.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
 by mx1.freebsd.org (Postfix) with ESMTP id D07748DB;
 Sun, 14 Apr 2013 09:54:47 +0000 (UTC)
Received: from elsa.codelab.cz (localhost [127.0.0.1])
 by elsa.codelab.cz (Postfix) with ESMTP id C14A728423;
 Sun, 14 Apr 2013 11:54:39 +0200 (CEST)
Received: from [192.168.1.2] (ip-89-177-49-222.net.upcbroadband.cz
 [89.177.49.222])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by elsa.codelab.cz (Postfix) with ESMTPSA id AC2EC28429;
 Sun, 14 Apr 2013 11:54:38 +0200 (CEST)
Message-ID: <516A7CDD.7080201@quip.cz>
Date: Sun, 14 Apr 2013 11:54:37 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
 rv:1.9.1.19) Gecko/20110420 Lightning/1.0b1 SeaMonkey/2.0.14
MIME-Version: 1.0
To: Rui Paulo <rpaulo@felyko.com>
Subject: Re: ipfilter(4) needs maintainer
References: <20130411201805.GD76816@FreeBSD.org>
 <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org>
 <E2F803DD-1F3A-430E-957F-7AB1904CDF42@samsco.org>
 <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org>
 <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org>
 <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org>
 <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com>
 <F45FFB8A-4B54-4AEF-AA19-D96DAD0C399D@felyko.com>
In-Reply-To: <F45FFB8A-4B54-4AEF-AA19-D96DAD0C399D@felyko.com>
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
Cc: "current@freebsd.org" <current@FreeBSD.org>,
 "net@freebsd.org" <net@FreeBSD.org>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Apr 2013 09:54:48 -0000

Rui Paulo wrote:
> 2013/04/13 16:01、Scott Long<scott4long@yahoo.com>  のメッセージ:
> 
>> Maybe something else, but whatever it is, it should be done.  If you and Gleb don't want to do this, I will.
> 
> I already started writing a guide. See here for a very incomplete version:
> 
> http://people.freebsd.org/~rpaulo/ipf-deprecation/article.html

1.1 ipftest
PF rules can be checked with pfctl -n:
-n      Do not actually load rules, just parse them

For example:
pfctl -nvf /etc/pf.conf.tmp


3 Examples
3.1  Filtering

ipf.conf and pf.conf has the same syntax for basic filtering rules, so
you can use it on the right side to:

block in on le0 proto tcp from 10.1.1.1/32 to any

pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A


Miroslav Lachman