adding to pf rules dynamically via a script
Ron Wilhoite
ronw at bals.org
Tue Mar 6 18:23:29 UTC 2007
On 03/06/2007 11:42 AM, rance at frontiernet.net wrote:
> Could someone be so kind as to point to an example I can study as to
> how to add pf rules via a log monitoring script I'm trying to port from
> Linux.
>
> I know it can be done, but none of the docs I'm reading show how.
>
> I think I'm understanding that this is done with an anchor.
>
> but I'm having trouble finding a documented example I can study and
> learn from.
>
> Anybody know of a good doc on this, or have a well documented example
> they wouldn't mind sharing?
Not sure if this is helpful as an example, but I use this script to
update a table stored in pf.badhosts then reload tables:
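
#!/bin/sh
#
# pfblock - add a host or network to pf.badhosts so pf will block it
#
if [ $# -eq 0 ]
then
    echo "pfblock usage: pfblock ip.add.re.ss/cidr"
    exit 1
fi
#
# Append the address to the file that backs the table, then reload
# only the table definitions from pf.conf.
echo "$*" >> /etc/pf.badhosts
pfctl -T load -f /etc/pf.conf
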
Ron Wilhoite
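
An added example, not part of the original post: when the address comes from a log-monitoring script rather than from an operator, it is text an outside party can influence, so this variant of the script above checks that the argument is a plain IPv4 address or CIDR block and skips duplicates before appending and reloading. The file paths are the ones in the post; the function names and the BADHOSTS, PF_CONF and PFCTL overrides are assumptions, and IPv6 is left out to keep the validator short.

```shell
#!/bin/sh
# Added example (not from the original post). File paths follow the post;
# the PFCTL override and the function names are assumptions.
BADHOSTS=${BADHOSTS:-/etc/pf.badhosts}
PF_CONF=${PF_CONF:-/etc/pf.conf}
PFCTL=${PFCTL:-pfctl}

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) bits=${1#*/} ;;
        *)   bits=32 ;;
    esac
    # Digits and dots only: rejects spaces, shell metacharacters, pf keywords.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Validate, skip duplicates, append one entry per line, reload the tables.
pfblock_add() {
    if ! valid_ipv4_cidr "$1"; then
        echo "pfblock: rejecting invalid address: $1" >&2
        return 2
    fi
    if [ -f "$BADHOSTS" ] && grep -qxF -- "$1" "$BADHOSTS"; then
        return 0    # already listed; nothing to reload
    fi
    printf '%s\n' "$1" >> "$BADHOSTS" || return 1
    "$PFCTL" -T load -f "$PF_CONF"
}

# Run as a script: pfblock ip.add.re.ss/cidr
if [ $# -gt 0 ]; then
    pfblock_add "$1"
fi
```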