Netgate Discussion Forum
    Converting pf.conf from OpenBSD 4.2 to latest pfSense

      rkelleyrtp

      Greetings all,

      I was wondering how to convert the pf.conf rule set from an OpenBSD 4.2 server to the latest pfSense release.

      A friend of mine recently took over managing the firewall for his company and quickly found out the existing firewall is an old BSD version using a text-based pf.conf file.  I suggested he use pfSense, but I don't know how to convert his current pf.conf file into pfSense.

      Any pointers?

        Nullity

        AFAIK, pfSense's config is completely in PHP or some other scripting language and must be configured via the GUI. Any changes outside of the GUI will be wiped by the GUI's stored config.

        So, I think you/he are mostly screwed.

        Please correct any obvious misinformation in my posts.
        -Not a professional; an arrogant ignoramus.

          heper

          The config is in XML.

          If you write a parser for it, it could work…. It's probably much quicker to create a new ruleset if you have less than a couple of hundred rules.

            kpa

            Do keep in mind that pfSense creates the PF rules programmatically from the abstract rule descriptions in the XML config and uses its own methodology for ordering the rules and implementing certain things of the ruleset. A handwritten ruleset, on the other hand, can use all kinds of tricks to optimize it, and it's practically impossible to write a parser that would take into account those tricks, follow the logic used by the creator of the ruleset, and convert the ruleset into the abstract descriptions required by pfSense.
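An added example, not part of any post in this thread: rather than attempting the full conversion discussed above, a short triage script can show how much of a hand-written pf.conf relies on the "tricks" that block mechanical translation. The sample ruleset, the flag names and the function names are constructed for illustration; the parsing is deliberately simplified (no `#` inside quoted strings, no nested macros).

```python
import re

# Constructed sample in OpenBSD 4.2-era syntax (not from the thread).
SAMPLE_PF_CONF = r'''
ext_if = "em0"
web_ports = "{ 80, 443 }"
table <admins> persist { 192.0.2.10, 192.0.2.11 }
scrub in all
rdr on $ext_if proto tcp from any to any port 8080 -> 10.0.0.5 port 80
block in log all
pass in quick on $ext_if proto tcp from any to any port 22 keep state
pass in on $ext_if proto tcp from any to any port $web_ports keep state
pass in on $ext_if proto tcp from <admins> \
    to any port 3389 keep state
anchor "ftp-proxy/*"
'''

MACRO = re.compile(r'^([A-Za-z_]\w*)\s*=\s*"?(.*?)"?$')
FILTER_ACTIONS = ("pass", "block")

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def triage(text):
    """Return [(expanded_rule, flags)]; an empty flag list means 'simple'."""
    macros, report = {}, []
    for line in logical_lines(text):
        m = MACRO.match(line)
        if m:                                  # macro definition, not a rule
            macros[m.group(1)] = m.group(2)
            continue
        rule = re.sub(r"\$(\w+)",
                      lambda v: macros.get(v.group(1), v.group(0)), line)
        first, flags = rule.split()[0], []
        if first not in FILTER_ACTIONS:        # scrub, rdr, nat, table, anchor...
            flags.append("non-filter:" + first)
        else:
            if "quick" not in rule.split():    # pf: last matching rule wins
                flags.append("last-match")
            if "{" in rule:                    # one line expands to many rules
                flags.append("list")
            if re.search(r"<[\w-]+>", rule):   # depends on a table definition
                flags.append("table")
        report.append((rule, flags))
    return report

if __name__ == "__main__":
    for rule, flags in triage(SAMPLE_PF_CONF):
        print(",".join(flags) or "simple", "|", rule)
```

Every flagged line is one whose effect depends on context outside the line itself (rule order, a macro, a table, a separate NAT or scrub section), so it needs a human decision before it is recreated in the GUI.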

              rkelleyrtp

              Thanks everyone for the great replies.  As I suspected, this will be a long, tedious manual process.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.