From: Jesse Gooch
Date: Fri, 25 Apr 2014 12:30:15 -0700
To: freebsd-questions@freebsd.org
Subject: Re: pf on Freebsd 10

Hi Al,

On 25/04/14 01:39 PM, Al Plant wrote:
> Code has changed for pf under FreeBSD. I have tried to make a firewall
> using FreeBSD 10 but some of the new code doesn't work?

Yes, the pf in FreeBSD was ported from OpenBSD, but I can't recall which
version or when.

> Is it possible to use pf on FreeBSD 10 as a firewall for a web server
> and a mail server on a single public IP using nat?

I use pf on FreeBSD 10 for a very similar setup, and it works great.

> The problem is that it seems that pf code works on OpenBSD 5.* where
> the FreeBSD 10 is not accepting the current pf version code. Only some
> code works now on FreeBSD 9 and 10.

Yes, I think OpenBSD changed much of the syntax for the pf config file
some time ago. I'm not sure if the changes stretched further than that,
though.

> Should I make the firewall on an OpenBSD box or is there a how to
> get the newer code to work with FreeBSD 10? Or is one of our gurus
> working on upgrading the FreeBSD pf?

Perhaps you could lurk on the freebsd-pf mailing list[1] if you want to
learn more about pf on FreeBSD? I don't see why you must use OpenBSD; pf
on FreeBSD should do what you describe. Maybe you need some features
specific to the OpenBSD pf? Sorry, I just don't have enough info to make
a recommendation.

[1] http://lists.freebsd.org/mailman/listinfo/freebsd-pf

> Is there somewhere that the version of pf that works with FreeBSD 10 is
> named? Handbook is vague as to what works for pf. It seems that many of
> the new commands for the OpenBSD 5.* pf aren't recognized by the FreeBSD
> 10 release.

I recommend reading the handbook chapter on pf[2], as well as the
manpages for pf.conf[3]. These two documents were invaluable to me when
constructing my pf configuration file.

[2] https://www.freebsd.org/doc/handbook/firewalls-pf.html
[3] http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+10.0-RELEASE&arch=default&format=ascii

> Thanks for any help.

You're welcome!
I hope the information I provided was helpful.
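
Added example, not part of the original message and not the author's own configuration: a minimal pf.conf in the older translation syntax that the FreeBSD 10 pf.conf manpage documents, for the setup asked about (a web server and a mail server behind one public IP with NAT), with the OpenBSD 4.7+ equivalents shown as comments for comparison. Interface names, internal addresses and the choice of ports are assumptions.

```pf
# Constructed example; em0/em1 and the 192.168.1.x hosts are assumed values.
ext_if = "em0"            # public interface (assumed name)
int_if = "em1"            # internal interface (assumed name)
web    = "192.168.1.10"   # internal web server (constructed address)
mail   = "192.168.1.20"   # internal mail server (constructed address)

# Options and normalization must come before translation and filter rules.
set skip on lo0
scrub in all

# Translation: FreeBSD 10 uses standalone nat/rdr rules with "->".
nat on $ext_if inet from $int_if:network to any -> ($ext_if)
rdr on $ext_if inet proto tcp from any to ($ext_if) port { 80, 443 } -> $web
rdr on $ext_if inet proto tcp from any to ($ext_if) port 25 -> $mail

# OpenBSD 4.7 and later fold translation into match/pass rules instead.
# pfctl on FreeBSD 10 reports a syntax error for lines like these:
#   match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)
#   pass in on $ext_if inet proto tcp to ($ext_if) port 25 rdr-to $mail

# Filtering: default-deny inbound. rdr is applied before filtering, so the
# pass rules match the translated (internal) destination address.
block in log all
pass out all keep state
pass in on $ext_if inet proto tcp from any to $web port { 80, 443 } keep state
pass in on $ext_if inet proto tcp from any to $mail port 25 keep state
pass in on $int_if inet from $int_if:network to any keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which shows which lines the installed pf rejects.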