Thanks Your 3 way is good . I choose number 3 . I have pf.conf from FreeBSD and it work good for me over 3 months. But sometimes it dose not work good , I said my problem in first email . I want only understand : is this pf.conf work great in opnbsd or no ? And I want find my mistake if I have in pf.conf I want know is this pf.conf has problems or no ? Thanks all guys help me to solve this problem On Nov 8, 2011 1:18 PM, "David Walker" <davidianwal...@gmail.com> wrote:
> Mostaf Faridi <mostafafaridi () gmail ! com> wrote: > > Thanks all guys > > Sorry for my bad English I , only understand is this pf.conf work in > > openbsd 5 or no .? Which part I must edit and change it > > Is this pf.conf is correct ? > > Thanks in advance > > You're doing it wrong. > > Three ways you could write a pf.conf for OpenBSD ... > > 1. > ... start from scratch (start from nothing). > Read the documentation that comes with that release, in this case the > pf.conf man page for OpenBSD 5.0 ... > > http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+5.0 > Read a vendor supplied FAQ ... for additional help ... if it relates > to that release. > In this case: > http://www.openbsd.org/faq/pf/index.html > If you are careful and do your homework you might have the odd > question and then you can search the archives, do a Google, post to > misc@ and so on. See here: > http://www.openbsd.org/mail.html > Dumping an entire pf.conf isn't part of this process. > > 2. > ... you go from one OpenBSD release to another OpenBSD release. > For example OpenBSD 4.9 to OpenBSD 5.0 ... and use this: > http://www.openbsd.org/plus50.html > Everything to do with pf.conf (e.g. the first item on that page) > should prompt you to examine your existing rules and see if they need > modifying ... referring to the pf.conf man page, which is probably > good practice anyway. > Note, that requires a working pf.conf from the same vendor (e.g. an > existing ruleset from OpenBSD) and a willingness to follow the dots > (i.e. the plus pages) ... > Dumping an entire pf.conf isn't part of this process either. > > 3. > Use a pf.conf from a different release ... and a different operating > system ... > You either have to track between FreeBSD then and OpenBSD now ... two > different trees over however many years ... > ... or track between FreeBSD then, whatever pf they imported from > OpenBSD then and do method 2 over any number of OpenBSD releases ... > > Sometimes starting from scratch is the way to go. > > If you can get a new pf.conf from a FreeBSD one without too much > confusion you should still understand it anyway to apply it to your > real ruleset as opposed to your copy paste example ... see method 1. > > Regardless, dumping a large conf and asking people to "fix" it for you > without any evidence you've tried yourself won't fly around here. > Copy and paste administration will only lead to misery or reading man > pages anyway or both ... > > Apart from the lack of paragraphs in your first mail your english is fine. > > Best wishes.
