Thanks to the kind help on this list, my test firewall successfully runs
OpenBSD 3.7 and is basically configured. I now need to think about
migrating my existing netfilter rule set to pf and would like to ask
also some general questions to understand the concept(s) sufficiently.
If I understand correctly, pf has no 'forward' chain like netfilter
(which is probably by design). I have to admit I've found it pretty
handy to use forward chains since one does not have to specify IN and
OUT rules separately. But I don't want to argue about that. The simple
question is: Does that mean a netfilter forward rule needs to be
replaced by two pf rules (in general)?
Thanks,
--
Stephan A. Rickauer
----------------------------
Institut für Neuroinformatik
Universität / ETH Zürich
Winterthurerstrasse 190
CH-8057 Zürich
Tel: +41 44 635 30 50
Sek: +41 44 635 30 52
Fax: +41 44 635 30 53
http://www.ini.ethz.ch
----------------------------