Loading table data into pf at start-up
Gergely CZUCZY
phoemix at harmless.hu
Mon May 29 13:51:56 PDT 2006
On Mon, May 29, 2006 at 03:37:58PM -0500, PauAmma wrote:
> /etc/rc.d/pf will happily let you load a rules file into pf, but
> unfortunately won't let you load table data if it doesn't fit on a single
> line or if you want to store table data in other files for any reason.
>
> pfctl only allows one -f option, so creative use of pf_flags won't help,
> so I added a configuration variable, pf_tables, and some extra logic in
> pf_start() to handle it.
>
> pf_tables is a space-separated list of action:table:file tuples, e.g.:
> pf_tables="a:idiots4:/etc/pf.idiots4 a:idiots6:/etc/pf.idiots6"

What's the problem with a ruleset like

table <abuse_ssh> persist file "/etc/pf-abuse_ssh"
table <goodguys> persist file "/etc/goodguys"

I have this, and it works jolly good.
So, what's the trouble with this?

Bye,
Gergely Czuczy
mailto: gergely.czuczy at harmless.hu
PGP: http://phoemix.harmless.hu/phoemix.pgp
Weenies test. Geniuses solve problems that arise.