next up previous contents
Next: 6 Other documentation Up: The OpenBSD Packet Filter Previous: 4 Firewalling tricks   Contents


5 Migrating from IPFilter

The ruleset model OpenBSD PF uses was modelled after that of IPFilter. There are also quite a few differences, which this section tries to document.

5.1 head and group are gone

The head and group keywords, which were used in IPFilter to group a number of rules, are no longer needed under OpenBSD PF. If you used to use head and group, you'll have to manually re-order your rulesets so they'll work under OpenBSD PF.

OpenBSD PF has an automatic scheme for ruleset optimization, called skip step. See section 2.9 for more information.

Wouter Coene 2002-04-05