Delaying pf.conf loading
Mel
fbsd.questions at rachie.is-a-geek.net
Wed May 7 18:28:54 UTC 2008
On Wednesday 07 May 2008 19:21:22 Justin Jereza wrote:
> Hello.
>
> Is it possible to delay the loading of pf rules from pf.conf after ppp
> has connected and named is running through rc.conf?
No, the design of the rc system does not allow for rc.conf to alter the order
of the scripts executed, since rc.conf is loaded on a per-script basis and
the ordering is done based on 'comments' in the scripts themselves.
You can, however, load an empty table with the appropriate name, then create an
rc script in /usr/local/etc/rc.d/ that fills the table with hostnames to
solve your problem.
Here's an example:

/etc/rc.conf:
pf_dyntables_enable="YES"
pf_dyntables_list="adservers"

/etc/pf.conf:
table <adservers> persist

/etc/pf/dynamic/adservers:
cdn.fastclick.net
ad.doubleclick.net
# etc etc

/usr/local/etc/rc.d/pf_dyntables:
#!/bin/sh
#
# PROVIDE: pf_dyntables
# REQUIRE: named pf ppp

. /etc/rc.subr

name="pf_dyntables"
rcvar=`set_rcvar`
start_cmd="${name}_start"
stop_cmd=":"

load_rc_config $name
: ${pf_dyntables_enable="NO"}
: ${pf_dyntables_dir="/etc/pf/dynamic"}
: ${pf_dyntables_list="NONE"}

pf_dyntables_start()
{
	if test x"${pf_dyntables_list}" != x"NONE"; then
		for table in ${pf_dyntables_list}; do
			echo "Loading table <$table>"
			cat ${pf_dyntables_dir}/${table} |/usr/bin/xargs \
				${pf_program} -t ${table} -Tadd
		done
	else
		echo hi
	fi
}

run_rc_command "$1"

--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
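
The `cat | xargs` pipeline in the script above hands every whitespace-separated word of the table file to pfctl, including comment text and anything that begins with a dash. The sketch below is an added example, not part of the original message: `clean_table_entries` is a hypothetical helper and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: filter a pf table source file before it reaches pfctl.
# clean_table_entries is a hypothetical helper, not part of rc.subr.

# Print one accepted entry per line. Comments and blank lines are dropped;
# entries that start with '-' (would be read as an option by the next
# command) or contain characters outside hostname/IP/CIDR syntax are
# rejected with a warning on stderr.
clean_table_entries()
{
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case "$entry" in
            -*|*[!A-Za-z0-9./:-]*)
                echo "skipping invalid entry: $entry" >&2 ;;
            *)
                printf '%s\n' "$entry" ;;
        esac
    done
}

# In the rc script, the loading step would then become (assumption):
#   clean_table_entries "${pf_dyntables_dir}/${table}" | \
#       /usr/bin/xargs ${pf_program} -t "${table}" -Tadd

# Constructed sample input, for demonstration only.
demo()
{
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
cdn.fastclick.net
ad.doubleclick.net   # trailing comment
# etc etc

-Tflush
192.0.2.0/24
bad host
EOF
    clean_table_entries "$tmp"
    rm -f "$tmp"
}

demo
```

Only the two hostnames and the CIDR block reach stdout; the other lines are reported on stderr and never become pfctl arguments.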