OpenBSD Firewall to PF Sense



  • Hi,

    I'm pretty new to BSD based firewalls. I know PF Sense is a robust firewall. In my current setup I found that the firewall runs on the OpenBSD 5.3 platform and it is configured using pf.conf.

    I want to upgrade my current setup, and I'm a bit concerned that an OpenVPN setup and some port forwarding setup run on the current system. What should I do to migrate from the OpenBSD firewall to PFSense? I found it's pretty complex to configure the current firewall. Is there any easy method to back up the current configuration of the OpenBSD firewall and restore it on a newly installed PF Sense firewall?

    Thank you

    Amitha



  • I went from a reasonably simple FreeBSD/pf setup to a pfSense appliance.  pfctl -sa (or -sr, -sn for the various bits) helped a lot in understanding what pfSense was doing.  As for directly importing a pf.conf from *BSD into pfSense, I'm not sure if there is a way.  If you look at the output of pfctl -sr on pfSense, they add a bunch of stuff in before the userrules anchor.  OpenVPN is relatively easy to set up and configure in pfSense (at least according to what people here say, I have not done anything with it), so it may not be that big of an issue.

    To migrate, dump the rules on the OpenBSD box for comparison to pfSense output.
    Your OpenBSD pf.conf is a good starting point for pfSense config:  macros for ip addresses and port numbers used in rules translate pretty easily into pfSense aliases.  Configuring NAT on pfSense is easy.

    Set up your pfSense box as another endpoint on your existing LAN side so you can access the web interface, then you can compare side by side, then simply flip a switch (hook up pfSense WAN, point existing LAN clients to pfSense as gateway).  That's what I did.



  • Many thanks for the info.  :)



  • No problem.  If you understand your pf.conf, it's pretty easy to figure out pfSense settings.  Any added firewall rules you add wind up near the bottom, anchored by "userrules".  pfSense adds a "quick" to them so keep that in mind on the ordering.  Check with pfctl -sr often.
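    As an added illustration of the two replies above (example code written for this page, not from the thread, OpenBSD or pfSense): the script below parses a constructed pf.conf fragment, suggests which macros become pfSense aliases and of which type (host, network, port), and expands list macros into one rule per element the way pf does at load time, so the result can be diffed against `pfctl -sr` on both boxes. All macro names, addresses and ports in the sample are constructed.

```python
import itertools
import re
from typing import Dict, List, Tuple

# Constructed pf.conf fragment for demonstration (not from the original thread).
SAMPLE_PF_CONF = """\
ext_if = "em0"
webserver = "192.0.2.10"
lan_net = "192.168.1.0/24"
web_ports = "{ 80, 443 }"
admin_hosts = "{ 192.168.1.5, 192.168.1.6 }"
pass in on $ext_if proto tcp from any to $webserver port $web_ports
pass in on $ext_if proto tcp from $admin_hosts to $lan_net port 22
"""

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"?\{?([^"{}#]*)\}?"?\s*(#.*)?$')
IPV4_RE = re.compile(r'^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$')
PORT_RE = re.compile(r'^\d{1,5}(:\d{1,5})?$')   # single port or pf range a:b

def parse_macros(conf: str) -> Dict[str, List[str]]:
    """Map each pf macro name to its list of values ('{ a, b }' lists are split)."""
    macros: Dict[str, List[str]] = {}
    for line in conf.splitlines():
        m = MACRO_RE.match(line.strip())
        if m:
            macros[m.group(1)] = m.group(2).replace(',', ' ').split()
    return macros

def classify(values: List[str]) -> str:
    """Guess the pfSense alias type a macro maps to; 'interface' means no alias."""
    if all(PORT_RE.match(v) for v in values):
        return "port"
    if all(IPV4_RE.match(v) for v in values):
        return "network" if any('/' in v for v in values) else "host"
    return "interface"   # e.g. em0 is assigned as a pfSense interface instead

def suggest_aliases(conf: str) -> Dict[str, Tuple[str, List[str]]]:
    """Macros worth turning into pfSense aliases, as name -> (alias type, values)."""
    return {name: (classify(vals), vals)
            for name, vals in parse_macros(conf).items()
            if classify(vals) != "interface"}

def expand_rules(conf: str) -> List[str]:
    """Expand $macro references; list macros yield one rule per element, like pfctl -sr."""
    macros, out = parse_macros(conf), []
    for line in conf.splitlines():
        if not line.startswith(('pass', 'block', 'match')):
            continue
        refs = re.findall(r'\$(\w+)', line)
        choices = [macros.get(r, ['$' + r]) for r in refs]   # unknown macro kept verbatim
        for combo in itertools.product(*choices):
            rule = line
            for name, val in zip(refs, combo):
                rule = re.sub(r'\$' + name + r'\b', lambda _: val, rule, count=1)
            out.append(rule)
    return out
```

Run `expand_rules` on the real pf.conf and compare its output line by line with `pfctl -sr` on the OpenBSD box, then with the rules below the userrules anchor on pfSense; remember the pfSense rules carry an added `quick`, so ordering differs.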



  • Thank you  :)

