1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PF Changes with 9.0

Discussion in 'Firewalls' started by jnbek, May 2, 2012.

  1. jnbek

    jnbek New Member

    Messages:
    97
    Likes Received:
    0
    Hey y'all,

    I have a router/firewall built with PF, been using the same config setup since v5.3-RELEASE days, with great success. I am currently running 8.1 on the router and am considering making the jump to the 9 series, but I've seen loads of posts here titled PF and 9.0 problems, and I've come to understand that the pf.conf syntax has changed. Is there a migration utility, How-To or a resource that I can reference before doing the upgrade, so I can keep downtime to as long as it takes the machine to reboot into 9.0? What other gotchas should I look for with the jump from 8.1 -> 9.0? I will be using csup/make world method of upgrading, since I've had great success and have done this method from the above mentioned 5.3 to 8.1 with a slight bit of heartache going to the 7 series that was easily overcome, but I want to be prepared beforehand so I can just state all the more how awesome FreeBSD is �e�e
     
  2. kpa

    kpa Member

    Messages:
    4,005
    Likes Received:
    9
    The syntax hasn't changed at all, the pf(4) implementation in FreeBSD 9.0 comes from OpenBSD 4.5 that is the last version with the old syntax. Newer versions of PF in OpenBSD have the newer syntax as documented by the PF FAQ at http://www.openbsd.org/faq/pf/
     
  3. jnbek

    jnbek New Member

    Messages:
    97
    Likes Received:
    0
    Sweet, did they offer a migration script or something?
     
  4. suntzu

    suntzu New Member

    Messages:
    21
    Likes Received:
    0
    No. You have to read the release notes and change your firewall configuration by yourself.
     
  5. Adrculda

    Adrculda New Member

    Messages:
    17
    Likes Received:
    0
    Let me know how it works out for you.
    I'm running the new 2.1Beta but want Infiniband support which v8.3 doesn't offer...

    Nevermind... thought you meant PFSense...