Converting pf.conf from OpenBSD 4.2 to latest pfSense

  • Greetings all,

    I was wondering how to convert the pf.conf rule set from an OpenBSD 4.2 server to the latest pfSense release.

    A friend of mine recently took over managing the firewall for his company and quickly found out the existing firewall is an old BSD version using a text-based pf.conf file.  I suggested he use pfSense, but I don't know how to convert his current pf.conf file into pfSense.

    Any pointers?

  • AFAIK, pfSense's config is completely in PHP or some other scripting language and must be configured via the GUI. Any changes outside of the GUI will be wiped by the GUI's stored config.

    So, I think you/he are mostly screwed.

  • The config is in XML.

    If you write a parser for it, it could work... It's probably much quicker to create a new ruleset if you have less than a couple of hundred rules.

  • Do keep in mind that pfSense creates the PF rules programmatically from the abstract rule descriptions in the XML config and uses its own methodology for ordering the rules and implementing certain things of the ruleset. A hand-written ruleset, on the other hand, can use all kinds of tricks to optimize it, and it's practically impossible to write a parser that would take into account those tricks and follow the logic used by the creator of the ruleset and convert the ruleset into the abstract descriptions required by pfSense.

  • Thanks everyone for the great replies.  As I suspected, this will be a long, tedious manual process.
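
An added example, not part of the thread and not pfSense code: a Python script that inventories a hand-written pf.conf as a first pass for the manual conversion discussed above. It expands macros and flags the statements that need a human decision before they are re-entered in the GUI; the sample ruleset is constructed and the note wording is this example's own.

```python
import re

# Constructed sample in pre-4.7 (OpenBSD 4.2-era) pf.conf syntax; not from the thread.
SAMPLE = '''\
ext_if = "em0"
web = "{ 80, 443 }"
table <admins> { 192.0.2.10, 192.0.2.11 }
scrub in all
nat on $ext_if from 10.0.0.0/24 to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 8080 -> 10.0.0.5 port 80
block in all
pass in quick on $ext_if proto tcp from <admins> to any port 22
pass in on $ext_if proto tcp from any to any port $web \\
    keep state
anchor "ftp-proxy/*"
'''

KINDS = {"table": "table", "anchor": "anchor", "scrub": "scrub", "set": "option",
         "nat": "translation", "rdr": "translation", "binat": "translation",
         "pass": "filter", "block": "filter"}
MACRO = re.compile(r'^(\w+)\s*=\s*"?(.*?)"?\s*$')

def triage(text):
    """Return [(kind, expanded_statement, notes)] for each pf.conf statement."""
    macros, out = {}, []
    joined = re.sub(r'\\\n\s*', ' ', text)             # join continuation lines
    for raw in joined.splitlines():
        line = ' '.join(raw.split('#', 1)[0].split())  # drop comments, squeeze spaces
        if not line:
            continue
        m = MACRO.match(line)
        if m:                                          # macro definition: name = "value"
            macros[m.group(1)] = m.group(2)
            out.append(("macro", line, []))
            continue
        line = re.sub(r'\$(\w+)', lambda v: macros.get(v.group(1), v.group(0)), line)
        kind = KINDS.get(line.split()[0], "other")
        notes = []
        if kind == "filter":
            if "quick" not in line.split():
                notes.append("no 'quick': last matching rule wins, order matters")
            if "{" in line:
                notes.append("brace list: pf expands this into several rules")
            if "<" in line:
                notes.append("references a table")
        out.append((kind, line, notes))
    return out

if __name__ == "__main__":
    for kind, stmt, notes in triage(SAMPLE):
        print(f"{kind:12} {stmt}")
        for n in notes:
            print(f"{'':12} ! {n}")
```

Statements flagged with notes, plus every `translation`, `scrub` and `anchor` entry, are the ones to review by hand rather than copy across one for one.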