hi

i have recently moved to freebsd from slack (on the server) and pf looks a bit out of my depth, it looks easy enough, but not easy enough for me

[HTML]#!/bin/bash
iptables -F INPUT
iptables -P INPUT DROP
iptables -F OUTPUT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -i lo -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp --dport 2010 -j ACCEPT
#iptables -A INPUT -p tcp --dport 9000:9200 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.2 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.3 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.4 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.5 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 12.34.56.78 --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 15.16.17.18 --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 34.24.32.18 --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 12.34.56.78 --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 15.16.17.18 --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 34.24.32.18 --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 12.34.56.78 --dport 2010 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 15.16.17.18 --dport 2010 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 34.24.32.18 --dport 2010 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 12.34.56.78 --dport 9000:9200 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 15.16.17.18 --dport 9000:9200 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 34.24.32.18 --dport 9000:9200 -j ACCEPT[/HTML]

is what iptables looks like on slackware, and it seems to work, what i am after is how i would need to convert this to pf, so that i would have the same security as i did on linux, i require pf to be able to allow ips and dns names for the rules above, i have googled for OpenBSD pf and the faq page i found is rather informative, but no matter how many times i re-read the pages i just cant seem to get it make sense.

Thanks for any help

Here's what I came up with...

Note that I don't know iptables that well and I'm still struggling on my own PF but it should give the idea.

thanks, someone helped me sort it on irc, after i spent an hour reading the openbsd pf faq, and me using 10 times as many rules as i needed, i got it right just too many rules

ext_if = "re0"
int_if = "em0"

block in on $ext_if from any to any
pass in on $int_if from { 164.168.1.1/24 } to any
pass in on $ext_if from { 192.168.1.1/24 } to any
pass in on $ext_if from { 12.34.56.78, 15.16.17.18, 34.24.32.18 } to { 80, 443, 2010, 9000:9200 }

hope that helps you in some way also