Date:      Mon, 20 Jan 2020 09:37:36 -0500
From:      mike tancsa <mike@sentex.net>
To:        "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   automatic tables / self statement in pf.conf
Message-ID:  <5a989609-3366-bcc0-3e6f-d0ad29046f61@sentex.net>

I have a process that runs every few minutes looking to see if the pf rules
changed on some of our firewalls.  On one customer unit, we have a
"self" statement and the script detected a change this morning.  The
rule reads

block log quick from <rejects> to self
block log quick from self to <rejects>

but when shown it looks like

block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>

I guess 'self' is treated like a table?  The diff that got flagged
looked like

-block drop log quick inet from <rejects> to <__automatic_786310c4_0>
-block drop log quick inet from <__automatic_786310c4_1> to <rejects>
+block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
+block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>

What would trigger the table name to change like that?

Also, is there a better way to monitor pf rule changes?  I don't see any mention in FreeBSD audit?

	---Mike
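As an added example (not part of the original message or of pf itself), here is one way to make a rule-change monitor of the kind described above ignore the generated table names: normalise `<__automatic_<hash>_<n>>` down to `<__automatic_<n>>` before comparing, so only a real ruleset change raises an alert. It assumes, based only on the diff shown in the post, that the hex part changes between ruleset loads while the trailing index stays stable; the sample rule text is constructed from the post.

```shell
#!/bin/sh
# Added example: compare pf rulesets while ignoring the hash in pfctl's
# generated <__automatic_<hex>_<n>> table names (assumption: the hex part
# changes between loads, the trailing index does not).

# Constructed sample: two snapshots of "pfctl -sr" output that differ only
# in the generated table hash, plus one with a genuinely added rule.
OLD_RULES='block drop log quick inet from <rejects> to <__automatic_786310c4_0>
block drop log quick inet from <__automatic_786310c4_1> to <rejects>'
NEW_RULES='block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>'
REAL_CHANGE="$NEW_RULES
pass in quick inet proto tcp from any to any port 22"

# normalize_rules: read rule lines on stdin, strip the hash from
# <__automatic_<hex>_<n>> so the name is stable across reloads.
normalize_rules() {
    sed -E 's/<__automatic_[0-9a-f]+_([0-9]+)>/<__automatic_\1>/g'
}

# rules_changed OLD NEW: print "changed" or "unchanged" after normalising
# both rulesets; a monitor would alert only on "changed".
rules_changed() {
    old_n=$(printf '%s\n' "$1" | normalize_rules)
    new_n=$(printf '%s\n' "$2" | normalize_rules)
    if [ "$old_n" = "$new_n" ]; then
        echo unchanged
    else
        echo changed
    fi
}

# Stand-alone demonstration on the constructed snapshots.
rules_changed "$OLD_RULES" "$NEW_RULES"      # unchanged: only the hash moved
rules_changed "$OLD_RULES" "$REAL_CHANGE"    # changed: a rule was added

# On a real firewall the live ruleset would be fed in the same way, e.g.
#   pfctl -sr | normalize_rules > /var/db/pfrules.current
# and diffed against the previous normalised snapshot.
```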



