need help figuring out if pf is right for me.

Rance Hall ranceh at gmail.com
Mon Mar 31 12:18:39 PDT 2008


I've been tasked with writing a firewall script for a client, and I'm
looking at pf for the firewall.

So far the only requirement I can't seem to find an example of how to
do is to actually script the pf rules from a shell script.

The project entails two pieces.  A firewall script, and a config file
which is parsed by the firewall script for values for variables.

example:

#!/bin/sh

CONFIG_FILE=/path/to/config

if [ -e "$CONFIG_FILE" ] ; then
  . "$CONFIG_FILE"
else
  # fail miserably
  echo "cannot read $CONFIG_FILE" >&2
  exit 1
fi

# pf macro based rules go here

# END

Idea being that the same script can be used multiple places by just
changing the config file, also that there is some job duty split
between the setup of the firewall and the execution of the firewall.

Can I do this with pf in a way that makes at least some sense?

Thanks for your help
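
One way to get the script/config split the post describes, as an added example that is not part of the original message: the config file is parsed as KEY=VALUE lines instead of being sourced with `.`, so the person editing it supplies values only, and those values become pf macros ahead of a fixed rule set. The key names, macro names and the rules themselves are assumptions; `pfctl -n` parse-checks the generated file before `pfctl -f` loads it.

```shell
#!/bin/sh
# Added example, not from the original post. Key names, macro names and the
# fixed rules are assumptions. Constructed sample config:
#   EXT_IF=em0
#   TCP_SERVICES=22,80,443
#   ADMIN_NET=192.0.2.0/24

# Print pf macro definitions for the KEY=VALUE lines in file $1.
# The file is parsed, never sourced, so it cannot run shell commands as root.
config_to_macros() {
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            ''|'#'*) continue ;;                  # blank line or comment
            EXT_IF|TCP_SERVICES|ADMIN_NET) ;;     # the only accepted keys
            *) echo "unknown key: $key" >&2; return 1 ;;
        esac
        case "$value" in
            ''|*[!A-Za-z0-9.:/,_]*)               # no quotes, spaces, $ or ;
                echo "bad value for $key" >&2; return 1 ;;
        esac
        printf '%s = "%s"\n' "$(printf '%s' "$key" | tr 'A-Z' 'a-z')" "$value"
    done < "$1"
}

# Print the full ruleset: macros from the config, then the fixed rules.
render_ruleset() {
    config_to_macros "$1" || return 1
    cat <<'EOF'
set skip on lo0
block in all
pass out all keep state
pass in on $ext_if proto tcp from any to any port { $tcp_services } keep state
pass in on $ext_if proto tcp from { $admin_net } to any port 22 keep state
EOF
}

# Parse-check with pfctl -n first; a bad file never replaces the live rules.
apply_ruleset() {
    tmp=$(mktemp /tmp/pf.rules.XXXXXX) || return 1
    render_ruleset "$1" > "$tmp" && pfctl -nf "$tmp" && pfctl -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh thisfile --apply /path/to/config   (needs root and pf enabled)
if [ "${1:-}" = "--apply" ]; then
    apply_ruleset "${2:?config file required}"
fi
```

A key missing from the config leaves its macro undefined, which the `pfctl -n` pass reports as a parse error before anything is loaded.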


More information about the freebsd-pf mailing list