Mark Shroyer wrote:
On Mon, May 04, 2009 at 04:46:16PM -0300, Gonzalo Lionel Rodriguez wrote:
jaja OMG... i love PF and OpenBSD.

2009/5/4 Jason Dixon <ja...@dixongroup.net>:
LOL, you ain't seen nothing yet.  Look at the "extended version" he just
sent out.  :)

To be fair, I've seen some pretty horrid pf.conf files, too.  (Although
I certainly prefer it over iptables in most cases.)

That's exactly why we have the ruleset optimizer. I can still recall when I migrated one iptables firewall with more than 300 lines, all of them absolutely necessary, into one single pf.conf with no more than 60 lines (including spacing, indentation, and commentary). That's why I chose pf and stuck with it.

Now, on topic, I definitely recommend that beginners read the pf FAQ. I had never worked with pf, and migrated my ruleset in 2 days. But I was working with iptables on a daily basis. If you are a little "rusty" with iptables, using fwbuilder to convert your ruleset is a good start. It won't convert it "as is"; you will have to remove some things, mainly the /proc stuff, and others. After you have your first fwbuilder-made ruleset, try reading it and referring to the FAQ when you are in doubt. It will be quite helpful.

My regards,

--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
