Loading table data into pf at start-up
PauAmma
pauamma at gundo.com
Mon May 29 13:38:02 PDT 2006
/etc/rc.d/pf will happily let you load a rules file into pf, but
unfortunately won't let you load table data if it doesn't fit on a single
line or if you want to store table data in other files for any reason.
pfctl only allows one -f option, so creative use of pf_flags won't help,
so I added a configuration variable, pf_tables, and some extra logic in
pf_start() to handle it.
pf_tables is a space-separated list of action:table:file tuples, e.g.:
pf_tables="a:idiots4:/etc/pf.idiots4 a:idiots6:/etc/pf.idiots6"
For each tuple, my patched /etc/rc.d/pf runs:
pfctl -T <action> -t <table> -f <file> $pf_flags
I tested that with /etc/rc.d/pf 1.3.2.2, and it works fine under
5.4-RELEASE-p14. If there's any interest, I can supply a patch against
1.3.2.2, or (if there's any interest) an untested patch against 1.12 (no
-HEAD running here, so I can't test it).
Suggestions/Comments/"Go file a PR" requests all welcome.
(please cc me on list replies - I don't follow it regularly)
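The per-tuple loop the post describes, written here as an added example rather than the author's actual rc.d patch; pf_table_cmd and pf_load_tables are hypothetical helper names, and the example additionally rejects a malformed tuple or an unreadable table file so that a missing blocklist fails loudly at boot instead of leaving the table empty.

```shell
#!/bin/sh
# Added example, not the author's rc.d patch: parse a pf_tables-style list of
# action:table:file tuples and build one "pfctl -T" command per tuple, as the
# post describes. pf_table_cmd / pf_load_tables are hypothetical names; PFCTL
# can point at a stub (e.g. "true" or "echo") for a dry run.

PFCTL=${PFCTL:-/sbin/pfctl}

# pf_table_cmd tuple [pf_flags...]
# Prints the pfctl command line for one tuple. Rejects a tuple with fewer
# than three fields, an empty field, or an unreadable file, so a missing
# blocklist is reported instead of quietly leaving the table empty.
pf_table_cmd() {
    tuple=$1; shift
    case "$tuple" in
        *:*:*) ;;
        *) echo "pf_tables: malformed tuple '$tuple'" >&2; return 1 ;;
    esac
    action=${tuple%%:*}          # text before the first ':'
    rest=${tuple#*:}
    table=${rest%%:*}            # text between the first and second ':'
    file=${rest#*:}              # everything after the second ':'
    if [ -z "$action" ] || [ -z "$table" ] || [ -z "$file" ]; then
        echo "pf_tables: empty field in '$tuple'" >&2; return 1
    fi
    if [ ! -r "$file" ]; then
        echo "pf_tables: cannot read $file for table $table" >&2; return 1
    fi
    # same argument order as the post: -T <action> -t <table> -f <file> $pf_flags
    line="$PFCTL -T $action -t $table -f $file"
    [ $# -gt 0 ] && line="$line $*"
    echo "$line"
}

# pf_load_tables "$pf_tables" [pf_flags...]
# Runs every tuple; keeps going after a failure but returns non-zero so the
# caller knows at least one table was not loaded.
pf_load_tables() {
    list=$1; shift
    rc=0
    for tuple in $list; do               # space-separated, as in rc.conf
        cmd=$(pf_table_cmd "$tuple" "$@") || { rc=1; continue; }
        $cmd || rc=1
    done
    return $rc
}
```

In the rc.d script this would be called as `pf_load_tables "$pf_tables" $pf_flags` from pf_start(), after the rules file has been loaded.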