On Fri, Oct 19, 2007 at 03:15:03PM +0100, Richard Wilson wrote:
> I appeal to the PF masters for some education on how to do something,
> because if I can't work out how to do it using PF, I'll have to do it
> with iptables. Eep!

[snip the details]

> That's about it really. If I can get it to work, I can persuade the boss
> to let me keep running everything off OpenBSD. If not, I'll have to wrap
> my head round iptables syntax, as apparently the boss 'Used to do it on
> Red Hat and everything worked fine.' Eugh.
>

If in the end, you do have to use iptables (either because you couldn't get PF to do it the way the boss wants or because the boss ends up _wanting_ iptables), you may want to look at shorewall. It builds iptables firewalls using syntax that is remarkably similar to PF; in that I'm new to OpenBSD but come from Debian and could never get my head around iptables. I used shorewall in Debian and found that based on that, the PF manual both made sense and the concepts were similar.

Doug.