[EMAIL PROTECTED] writes:

> Is there a document that describes how to translate common IPFilter
> constructs to pf? 

To my knowledge, no such document exists, at least not any for public
consumption.  You're not the first one to suggest that writing an IPF to
PF or IPFW to PF migration guide would be useful, though, so it's one of
several possible projects.

> Specifically, I'm looking for the pf equivalent of IPFilter's
>
> map $ext_if 192.168.10.0/24 -> 1.2.3.4/32 proxy port 500 ipsec/udp
> map $ext_if 192.168.10.0/24 -> 1.2.3.4/32 proxy port 10000 ipsec/tcp
> map $ext_if 192.168.10.0/24 -> 1.2.3.4/32 portmap tcp/udp 1025:65000
> map $ext_if 192.168.10.0/24 -> 1.2.3.4/32

Browsing the IPF howto briefly, I think you should be able to get those
done via rdr constructs and matching pass rules. The finer details
escape me, though.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds.
