Netgate Discussion Forum

    Converting fbsd pf.conf to pfsense config.xml

    • Mikey

      Anyone have any tools for doing so, or general tips? I've yet to locate in the webUI a spot to change state-policy or state timeouts, create tables, handle 802.1q filtering, or rate limit overloading (dumping overflow into a pf table).

      • jimp (Rebel Alliance Developer Netgate)

        Some of those may only be possible on 2.0. State timeouts can be adjusted in a rule's advanced options. We don't have a GUI field to adjust state-policy. Tables in our GUI are called aliases. For VLANs just make a VLAN interface for each VLAN you want to access, instead of filtering in pf rules directly (unless I am not understanding how you're using that.) And as for rate limit overloading, I'm not sure on that one. The end result could probably be accomplished between various traffic shaper functions.

        • Mikey

          Meant the default timeouts. Such as:

          set timeout tcp.first 2
          set timeout tcp.established 3600
          set timeout tcp.closing 2
          set timeout tcp.closed 600

          set timeout udp.first 2
          set timeout udp.multiple 3600

          set timeout icmp.first 2

          set timeout other.first 2
          set timeout other.multiple 3600

          set timeout adaptive.start 20000
          set timeout adaptive.end 220000

          I am playing with 2.0, looks pretty good. Took a patch from FreeBSD mainline to support my 8 port serial card. Had to recompile the kernel with puc enabled for it to work, but it works like a charm. Overloading dumps excess entries into a table, which can be used for later processing. For example, I have different uplinks wrapped in different 802.1Q tags. When something passes reverse path verification (something else I can't yet locate), and exceeds 90 syns/min, it dumps the IP into the synflood table. 5 minutes later, it's removed.

          I live in the CLI. However, the guy that pays my bills does not, and most of the people on my team are specialized in a specific talent. This means a GUI is needed. pfSense has impressed me, and once I become familiar with its source, I do plan on submitting many a patch.

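The overload setup described in the last post, written out as a pf.conf fragment. This is an added example, not code from the thread or from pfSense; the interface name, the port and the table layout are assumptions.

```pf
# Added example, not from the thread. Interface name and port are assumed.
ext_if = "vlan100"          # assumed: one uplink carried in an 802.1Q tag

# Table that collects sources exceeding the rate limit.
table <synflood> persist

# Reverse path verification: drop packets whose source address is not
# routed back through the interface they arrived on.
block in quick on $ext_if from urpf-failed

# Sources already in the table stay blocked until they are expired.
block in quick on $ext_if from <synflood>

# 90 new connections per 60 seconds per source address. A source that
# exceeds the limit is added to <synflood> and its states are flushed.
# Caveat: max-src-conn-rate counts connections that completed the TCP
# handshake, so it approximates a per-source SYN rate rather than
# measuring raw SYNs.
pass in on $ext_if proto tcp from any to any port 80 flags S/SA keep state \
    (max-src-conn-rate 90/60, overload <synflood> flush global)

# Entries are not removed automatically. To drop them after 5 minutes,
# run this from cron, for example once a minute:
#   pfctl -t synflood -T expire 300
```

`pfctl -t synflood -T show` lists the addresses currently held in the table, which is a quick way to confirm the limit is triggering as intended.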
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.