On Fri, Oct 19, 2007 at 03:15:03PM +0100, Richard Wilson wrote:

quoted text
> I appeal to the PF masters for some education on how to do something,

> because if I can't work out how to do it using PF, I'll have to do it

> with iptables. Eep!

[snip the details]
> That's about it really. If I can get it to work, I can persuade the boss

quoted text
> to let me keep running everything off OpenBSD. If not, I'll have to wrap

> my head round iptables syntax, as apparently the boss 'Used to do it on

> Red Hat and everything worked fine.' Eugh.

> 

If in the end, you do have to use iptables (either because you couldn't

get PF to do it the way the boss wants or because the boss ends up

_wanting_ iptables), you may want to look at shorewall.  It builds

iptables firewalls using syntax that is remarkably similar to PF; in

that I'm new to OpenBSD but come from Debian and could never get my head

around iptables.  I used shorewall in Debian and found that based on

that, the PF manual both made sense and the concepts were similar.  
Doug.