{"id":416,"date":"2005-06-06T01:55:51","date_gmt":"2005-06-06T01:55:51","guid":{"rendered":"http:\/\/maydanoz.arved.priv.at\/blog\/?p=416"},"modified":"2005-06-06T01:55:51","modified_gmt":"2005-06-06T01:55:51","slug":"migrating_to_pf","status":"publish","type":"post","link":"https:\/\/arved.priv.at\/weblog\/2005\/06\/06\/migrating_to_pf\/","title":{"rendered":"Migrating to PF"},"content":{"rendered":"<p>So Teemu has been nagging me for some time. And Darren seems to have no time to fix ipfilter.<br \/>\nSo today I migrated to pf. It was quite straightforward, although not as easy as the ipfw -> ipfilter migration a few years ago, which surprisingly worked on my first try.<br \/>\nThis time I needed three tries: first I added the wrong pass rules for the redirect rules (in ipfilter the NAT is done after filtering, in PF before the filtering), then I confused $int_if:network with $internal_net (no, they are not identical in my case), and the last error was that I was blocking RFC1918 nets although I was using one \ud83d\ude42 (the cause of this error is similar to the first error).<br \/>\nI still don&#8217;t quite understand my ruleset (especially why outgoing ntp packets get blocked although I have allowed all tcp udp outgoing).<br \/>\nBut the essential parts seem to work: I can IRC, I can receive emails and you can read my blog.<br \/>\nI will try to fix the corner cases over the next week and try to look at the more sophisticated rules, like spamd, altq, carp, etc.<br \/>\nWhat I really like about PF is the pflog0 device; it makes it really easy to analyze errors in the ruleset.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So Teemu has been nagging me for some time. And Darren seems to have no time to fix ipfilter. So today I migrated to pf. It was quite straightforward, although not as easy as the ipfw -> ipfilter migration a few years ago, which surprisingly worked on my first try. 
This time I needed &hellip; <a href=\"https:\/\/arved.priv.at\/weblog\/2005\/06\/06\/migrating_to_pf\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Migrating to PF&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-416","post","type-post","status-publish","format-standard","hentry","category-freebsd"],"_links":{"self":[{"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/posts\/416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/comments?post=416"}],"version-history":[{"count":0,"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/posts\/416\/revisions"}],"wp:attachment":[{"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/media?parent=416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/categories?post=416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arved.priv.at\/weblog\/wp-json\/wp\/v2\/tags?post=416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}