Mostaf Faridi <mostafafaridi () gmail ! com> wrote: > Thanks all guys > Sorry for my bad English I , only understand is this pf.conf work in > openbsd 5 or no .? Which part I must edit and change it > Is this pf.conf is correct ? > Thanks in advance
You're doing it wrong. Three ways you could write a pf.conf for OpenBSD ... 1. ... start from scratch (start from nothing). Read the documentation that comes with that release, in this case the pf.conf man page for OpenBSD 5.0 ... http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+5.0 Read a vendor supplied FAQ ... for additional help ... if it relates to that release. In this case: http://www.openbsd.org/faq/pf/index.html If you are careful and do your homework you might have the odd question and then you can search the archives, do a Google, post to misc@ and so on. See here: http://www.openbsd.org/mail.html Dumping an entire pf.conf isn't part of this process. 2. ... you go from one OpenBSD release to another OpenBSD release. For example OpenBSD 4.9 to OpenBSD 5.0 ... and use this: http://www.openbsd.org/plus50.html Everything to do with pf.conf (e.g. the first item on that page) should prompt you to examine your existing rules and see if they need modifying ... referring to the pf.conf man page, which is probably good practice anyway. Note, that requires a working pf.conf from the same vendor (e.g. an existing ruleset from OpenBSD) and a willingness to follow the dots (i.e. the plus pages) ... Dumping an entire pf.conf isn't part of this process either. 3. Use a pf.conf from a different release ... and a different operating system ... You either have to track between FreeBSD then and OpenBSD now ... two different trees over however many years ... ... or track between FreeBSD then, whatever pf they imported from OpenBSD then and do method 2 over any number of OpenBSD releases ... Sometimes starting from scratch is the way to go. If you can get a new pf.conf from a FreeBSD one without too much confusion you should still understand it anyway to apply it to your real ruleset as opposed to your copy paste example ... see method 1. Regardless, dumping a large conf and asking people to "fix" it for you without any evidence you've tried yourself won't fly around here. Copy and paste administration will only lead to misery or reading man pages anyway or both ... Apart from the lack of paragraphs in your first mail your english is fine. Best wishes.
