Hi Marc, Thanks for your advice but i have already tested fwbuilder. The builder is nice to edit a big ruleset, but i dislike the concept of global- and interface-policy. In global policy-section i missed the direction for packets. An example: If you want to edit some antispoof rules, you have to use the interface policies because of the direction and so you have to write more rules than only say "antispoof for $ext_if inet" in pf.conf. Futhermore i missed some features like synproxy, statefull tracking options an bandwith management.
cheers Joerg. Am Donnerstag, den 02.02.2006, 14:17 +0100 schrieb Marc Peters: > hi joerg, > > you may want to have a look at firewall builder (www.fwbuilder.org). it > can produce rulesets for pf, but you should have a look at the conf > later on and check the ruleset if it fits your needs. > > hth, > marc -- Joerg Streckfuss, DFN-CERT Services GmbH PGP RSA/2048, E0D4BD3F, 90 C3 FB 4A CB D3 20 70 6B 04 47 84 B5 3C 28 8C [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
