automatic tables / self statement in pf.conf
mike tancsa
mike at sentex.net
Mon Jan 20 14:37:36 UTC 2020
I have a process that runs every few min looking to see if the pf rules
changed on some of our firewalls. On one customer unit, we have a
"self" statement and the script detected a change this morning. The
rule reads
block log quick from <rejects> to self
block log quick from self to <rejects>
but when shown it looks like
block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>
I guess 'self' is treated like a table ? The diff that got flagged
looked like
-block drop log quick inet from <rejects> to <__automatic_786310c4_0>
-block drop log quick inet from <__automatic_786310c4_1> to <rejects>
+block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
+block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>
What would trigger the table name to change like that ?
Also, is there a better way to monitor pf rule changes ? I don't see any mention in FreeBSD audit ?
---Mike
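One way to keep a rule-change monitor from firing on the renamed anonymous tables alone, as an added example that is not part of the original post or of FreeBSD's pfctl: normalise the `pfctl -sr` output before diffing, so the variable hex part of `<__automatic_XXXXXXXX_N>` names is replaced by a fixed token while the per-rule index is kept. The rule dumps below are constructed from the lines quoted in the post; the extra `pass` rule in the third dump is a made-up "real" change so the check has something to catch. Function names and the `/var/db/pf-rules.baseline` path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or from FreeBSD): normalise
# pfctl -sr output so the varying middle part of <__automatic_XXXXXXXX_N>
# does not count as a rule change, while any real edit still does.

# Replace the hex component of automatic table names with a fixed token,
# keeping the trailing index so two anonymous tables in one ruleset stay distinct.
normalize_pf_rules() {
    sed -E 's/<__automatic_[0-9a-f]+_([0-9]+)>/<__automatic_X_\1>/g'
}

# Return 0 when two rule dumps are identical after normalisation, 1 otherwise.
# Arguments are the dumps as strings (one rule per line).
pf_rules_same() {
    a=$(printf '%s\n' "$1" | normalize_pf_rules)
    b=$(printf '%s\n' "$2" | normalize_pf_rules)
    [ "$a" = "$b" ]
}

# Constructed sample dumps, built from the lines quoted in the post.
old_dump='block drop log quick inet from <rejects> to <__automatic_786310c4_0>
block drop log quick inet from <__automatic_786310c4_1> to <rejects>'

# Same rules after a reload: only the automatic table names differ.
new_dump='block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>'

# A genuine change (constructed): someone added a pass rule.
changed_dump='block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>
pass in quick on em0 inet proto tcp from any to any port = 22'

# Demonstration; wrapped in if so a non-zero status never aborts the script.
if pf_rules_same "$old_dump" "$new_dump"; then
    echo "reload with renamed automatic tables: no change reported (as intended)"
fi
if ! pf_rules_same "$old_dump" "$changed_dump"; then
    echo "added pass rule: change reported"
fi

# Real-world use on the firewall itself (not run here; path is an assumption):
#   pfctl -sr | normalize_pf_rules > /var/db/pf-rules.baseline
#   pfctl -sr | normalize_pf_rules | diff -u /var/db/pf-rules.baseline -
```

Diffing the normalised text rather than the raw dump removes the false positive from the renamed tables but keeps every other token in the rule, so a changed action, interface, port or table name still shows up in the report. It deliberately does not touch table contents: a change to what `<rejects>` holds is a separate check (`pfctl -t rejects -T show`) and worth monitoring on its own.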