Netgate Discussion Forum

    OpenBSD Firewall to PF Sense

    • amithad

      Hi,

      I'm pretty new to BSD-based firewalls. I know pfSense is a robust firewall. In my current setup I found that the firewall runs on the OpenBSD 5.3 platform and is configured using pf.conf.

      I want to upgrade my current setup, and I'm a bit concerned that an OpenVPN setup and some port forwarding setup run on the current system. What should I do to migrate from the OpenBSD firewall to pfSense? I found it's pretty complex to configure the current firewall. Is there any easy method to back up the current configuration of the OpenBSD firewall and restore it on a newly installed pfSense firewall?

      Thank you

      Amitha

      • mer

        I went from a reasonably simple FreeBSD/pf setup to a pfSense appliance. pfctl -sa (or -sr, -sn for the various bits) helped a lot in understanding what pfSense was doing. As for directly importing a pf.conf from *BSD into pfSense, I'm not sure if there is a way. If you look at the output of pfctl -sr on pfSense, they add a bunch of stuff in before the userrules anchor. OpenVPN is relatively easy to set up and configure in pfSense (at least according to what people here say, I have not done anything with it), so it may not be that big of an issue.

        To migrate, dump the rules on the OpenBSD box for comparison to pfSense output.
        Your OpenBSD pf.conf is a good starting point for pfSense config: macros for IP addresses and port numbers used in rules translate pretty easily into pfSense aliases. Configuring NAT on pfSense is easy.

        Set up your pfSense box as another endpoint on your existing LAN side so you can access the web interface, then you can compare side by side, then simply flip a switch (hook up pfSense WAN, point existing LAN clients to pfSense as gateway). That's what I did.

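An added example, not part of mer's post or pfSense's own tooling: a short Python script that inventories the macros, tables and rdr-to port forwards in a pf.conf so they can be re-created by hand as pfSense aliases and NAT rules. The sample ruleset, the function names and the host/network/port classification heuristic are assumptions made for this illustration.

```python
import re

# Constructed sample in OpenBSD 5.3 syntax; not the poster's real ruleset.
SAMPLE_PF_CONF = '''
ext_if = "em0"
web_srv = "192.168.1.10"
lan_net = "192.168.1.0/24"
web_ports = "{ 80, 443 }"
table <admins> { 203.0.113.5, 203.0.113.9 }
match out on $ext_if from $lan_net nat-to ($ext_if)
pass in on $ext_if proto tcp to port $web_ports rdr-to $web_srv  # port forward
pass in on $ext_if proto udp to port 1194
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"?([^"#]*)"?')
TABLE = re.compile(r'^table\s+<(\w+)>[^{]*\{([^}]*)\}')
KINDS = [("port", r'\d+(:\d+)?'), ("network", r'[\d.]+/\d+'), ("host", r'[\d.]+')]

def kind(values):
    """Heuristic (an assumption of this example): guess the alias type."""
    for name, pattern in KINDS:
        if values and all(re.fullmatch(pattern, v) for v in values):
            return name
    return "other"  # e.g. interface names

def inventory(conf):
    """Return ({name: (kind, values)}, [rdr-to rules with macros expanded])."""
    aliases, macros, forwards = {}, {}, []
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()  # drop comments
        m = TABLE.match(line) or MACRO.match(line)
        if m:
            values = [v for v in re.split(r'[\s,{}]+', m.group(2)) if v]
            aliases[m.group(1)] = (kind(values), values)
            macros[m.group(1)] = m.group(2).strip()
        elif 'rdr-to' in line:
            # Expand $macros so the forward can be read without the macro block.
            forwards.append(re.sub(r'\$(\w+)',
                            lambda r: macros.get(r.group(1), r.group(0)), line))
    return aliases, forwards

if __name__ == "__main__":
    aliases, forwards = inventory(SAMPLE_PF_CONF)
    for name, (k, values) in aliases.items():
        print(f"{name:10} {k:8} {', '.join(values)}")
    for rule in forwards:
        print("port forward:", rule)
```

Run it against a copy of the OpenBSD box's pf.conf and keep the output beside the pfctl -sr and pfctl -sn dumps when comparing the two firewalls.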
        • amithad

          Many thanks for the info.  :)

          • mer

            No problem.  If you understand your pf.conf, it's pretty easy to figure out pfSense settings.  Any added firewall rules you add wind up near the bottom, anchored by "userrules".  pfSense adds a "quick" to them so keep that in mind on the ordering.  Check with pfctl -sr often.

            • amithad

              Thank you  :)
