PF Changes with 9.0

jnbek · #1 May 2nd, 2012, 20:56

Hey y'all,

I have a router/firewall built with PF, been using the same config setup since v5.3-RELEASE days, with great success. I am currently running 8.1 on the router and am considering making the jump to the 9 series, but I've seen loads of posts here titled PF and 9.0 problems, and I've come to understand that the pf.conf syntax has changed. Is there a migration utility, How-To or a resource that I can reference before doing the upgrade, so I can keep downtime to as long as it takes the machine to reboot into 9.0? What other gotchas should I look for with the jump from 8.1 -> 9.0? I will be using csup/make world method of upgrading, since I've had great success and have done this method from the above mentioned 5.3 to 8.1 with a slight bit of heartache going to the 7 series that was easily overcome, but I want to be prepared beforehand so I can just state all the more how awesome FreeBSD is �e�e

kpa · #2 May 2nd, 2012, 21:08

The syntax hasn't changed at all, the pf(4) implementation in FreeBSD 9.0 comes from OpenBSD 4.5 that is the last version with the old syntax. Newer versions of PF in OpenBSD have the newer syntax as documented by the PF FAQ at http://www.openbsd.org/faq/pf/

jnbek · #3 May 2nd, 2012, 21:53

Sweet, did they offer a migration script or something?

suntzu · #4 May 3rd, 2012, 07:36

No. You have to read the release notes and change your firewall configuration by yourself.

Adrculda · #5 July 7th, 2012, 23:10

Let me know how it works out for you.
I'm running the new 2.1Beta but want Infiniband support which v8.3 doesn't offer...

Nevermind... thought you meant PFSense...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode