On Monday 10 July 2006 02:23, Fire walls wrote:
> I start working with pf, my first firewall is running ipf, my doubt
> is, we have the flag "y" on ipf, on pf we don't need any more that
> setting?, because before every time I connect to my ISP I run the
> ppp.linkup with the command !bg /sbin/ipf -y, how pf handle that?

With pf a simple "pfctl -f config.file" will do the same 99% of the time
unless you have tables predefined in the config file that were changed later
on - in that case you will lose the changes.

As a better alternative, pf has the "(interfacename)" syntax. Wherever you
want to say "addresses on tun0" you can say "(tun0)". For instance you would
want to write things like:

  nat on $ext_if inet from ($int_if:network) to any -> ($ext_if)

this - in contrast to:

  nat on $ext_if inet from $int_if:network to any -> $ext_if

will track changes of the interface address automatically. See pf.conf(5) for
more details on this. Make sure that you use the "()" syntax everywhere to
avoid surprises.

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
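A small check for the "use the () syntax everywhere" advice above, as an added example that is not part of the original message: it scans pf.conf text for interface names or macros used as addresses after from, to or -> without parentheses. The function name, the sample ruleset and the interface list are constructed for illustration, and brace lists such as { $a, $b } are not parsed.

```python
import re

# Keywords after which pf expects an address. An interface written there
# without parentheses is resolved to its address when the ruleset is loaded.
ADDR_KEYWORDS = {"from", "to", "->"}
MACRO_DEF = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*)"?')

def find_static_interface_refs(conf_text, interfaces):
    """Return (line_no, token) for each interface used as an address without ()."""
    macros, findings = {}, []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = MACRO_DEF.match(line)
        if m:                                # remember macro = "value"
            macros[m.group(1)] = m.group(2).strip()
            continue
        tokens = line.split()
        for prev, tok in zip(tokens, tokens[1:]):
            if prev not in ADDR_KEYWORDS or tok.startswith("("):
                continue                     # not an address slot, or already dynamic
            name = tok.split(":", 1)[0]      # strip modifiers such as :network
            if name.startswith("$"):
                name = macros.get(name[1:], name)
            if name in interfaces:
                findings.append((line_no, tok))
    return findings

# Constructed sample ruleset (hypothetical hosts and interfaces).
SAMPLE = """\
ext_if = "tun0"
int_if = "fxp0"
nat on $ext_if inet from $int_if:network to any -> $ext_if
nat on $ext_if inet from ($int_if:network) to any -> ($ext_if)
pass in on $int_if from any to tun0
block in on $ext_if from any to any   # 'on' takes an interface, not an address
"""

if __name__ == "__main__":
    # On a real host the interface list could come from `ifconfig -l`.
    for line_no, tok in find_static_interface_refs(SAMPLE, {"tun0", "fxp0"}):
        print(f"line {line_no}: {tok} should be written as ({tok.lstrip('$') if False else tok})")
```

Rules flagged here keep the address the interface had at load time, so they are the ones that go stale when the ISP hands out a new address.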
