`echo <something> | pfctl -mf -` overriding instead of modifying
Niklaas Baudet von Gersdorff
stdin at niklaas.eu
Thu May 26 11:46:48 UTC 2016
Niklaas Baudet von Gersdorff [2016-05-18 09:24 +0200] :
> Initially, I only used the `-f -` flags for pfctl (instead of `-mf -`) and
> realised that making changes to the anchor overrides existing rules. So
> I read pfctl(8) where it says
>     -m      Merge in explicitly given options without resetting those
>             which are omitted. Allows single options to be modified without
>             disturbing the others:
>
>                   # echo "set loginterface fxp0" | pfctl -mf -
> So I thought that adding `-m` to the rule in the second `exec.poststart`
> will include (instead of replace) the rules into the anchor. But this is
> not the case. What am I doing wrong? Do I misunderstand `-m`?
I clearly misunderstood -m. It says that it merges "given *options*
without resetting those which are omitted" i.e., options and not rules.
No wonder that it's not working.
I will recheck pfctl(8) but I assume that there is no other way than
inserting the rules in question in a one-liner -- or using different
anchors like jails/$name-ipv4 and jails/$name-ipv6.
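
The single-load approach mentioned above, sketched as an added example that is not part of the original post: because `pfctl -a <anchor> -f -` replaces the anchor's whole ruleset, the IPv4 and IPv6 rules are generated together and loaded in one call. The interface, addresses, the rules themselves and the `PFCTL` override variable are constructed for illustration, and the main ruleset is assumed to contain `anchor "jails/*"`.

```shell
#!/bin/sh
# Added example; all names, addresses and rules below are constructed.

# Print the complete ruleset for one jail anchor on stdout.
#   $1 = external interface
#   $2 = jail IPv4 address (empty string if none)
#   $3 = jail IPv6 address (empty string if none)
jail_anchor_rules() {
    ext_if=$1; ip4=$2; ip6=$3
    [ -n "$ip4" ] && printf 'pass in on %s inet proto tcp from any to %s port 22\n' \
        "$ext_if" "$ip4"
    [ -n "$ip6" ] && printf 'pass in on %s inet6 proto tcp from any to %s port 22\n' \
        "$ext_if" "$ip6"
    return 0
}

# Load both address families with ONE pfctl invocation.
# Two separate "pfctl -a jails/$name -f -" calls would leave only the
# rules of the second call in the anchor, and -m does not change that
# because it merges options (set ...), not rules.
#   $1 = jail name, remaining arguments as for jail_anchor_rules
load_jail_anchor() {
    name=$1; shift
    # PFCTL is a hypothetical override so the pipeline can be dry-run.
    jail_anchor_rules "$@" | ${PFCTL:-pfctl} -a "jails/$name" -f -
}

# Alternative from the post: one anchor per address family, so each
# load only replaces its own anchor.
load_jail_anchor_split() {
    name=$1; ext_if=$2; ip4=$3; ip6=$4
    jail_anchor_rules "$ext_if" "$ip4" "" | ${PFCTL:-pfctl} -a "jails/$name-ipv4" -f -
    jail_anchor_rules "$ext_if" "" "$ip6" | ${PFCTL:-pfctl} -a "jails/$name-ipv6" -f -
}

# Example call (as root, on a host running pf):
#   load_jail_anchor www em0 192.0.2.10 2001:db8::10
# Inspect the result with: pfctl -a jails/www -sr
```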