Date:      Mon, 20 Jan 2020 12:10:55 -0500
From:      mike tancsa <mike@sentex.net>
To:        Patrick Lamaiziere <patfbsd@davenulle.org>
Cc:        "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   Re: automatic tables / self statement in pf.conf
Message-ID:  <5a1318f5-663a-3c83-34bb-330317c26cec@sentex.net>
In-Reply-To: <20200120161629.7f5725d9@mr185033.univ-rennes1.fr>
References:  <5a989609-3366-bcc0-3e6f-d0ad29046f61@sentex.net> <20200120161629.7f5725d9@mr185033.univ-rennes1.fr>

On 1/20/2020 10:16 AM, Patrick Lamaiziere wrote:
> What would trigger the table name to change like that?
> I think that names of automatic tables are more or less random. I've
> got two firewalls using the same ruleset (pf.conf) and the name
> of the automatic table for self is not the same on both.
>
> I think a simple pfctl -f will change the name.
Yes, looks like it.
>> Also, is there a better way to monitor pf rule changes?  I don't see
>> any mention in FreeBSD audit?
> I don't know, maybe the checksum changes when the ruleset changes?

It does, but if someone added a rule and then removed it, the checksum
would be the same, it seems, and there would be no record of the addition
and deletion of the rule.


    ---Mike



>
> # pfctl -vvvv -si
> No ALTQ support in kernel
> ALTQ related functions disabled
> Status: Enabled for 11 days 05:32:26          Debug: Urgent
>
> Hostid:   0x19478aad
> ===> Checksum: 0x964f5ae9bc221aa840ba7323cb649e32
>
> Interface Stats for all               IPv4             IPv6
> ...
>
> Regards,
>
>
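
A polling check built on the checksum discussed in this message, as an added example that is not part of the original e-mail: it parses the `Checksum:` line from `pfctl -vvvv -si` output and logs every change seen between polls. The function names, the state directory and the second checksum value are assumptions; as the message notes, a rule added and removed between two polls is not recorded by this kind of check.

```shell
#!/bin/sh
# Added example (not from the original message).
# Hypothetical live use from cron, state directory path is an assumption:
#   pfctl -vvvv -si | check_ruleset /var/db/pf-watch

# Print the ruleset checksum found in `pfctl -si -v` output on stdin.
# Matches the field itself, so quoted or marked-up lines also parse.
pf_checksum() {
    awk '/Checksum:/ {
        for (i = 1; i < NF; i++)
            if ($i == "Checksum:") { print $(i + 1); exit }
    }'
}

# check_ruleset STATE_DIR   (stdin: pfctl status output)
# Prints "baseline" on first run, then "unchanged" or "changed".
# Each change is appended to STATE_DIR/changes.log with a UTC timestamp.
check_ruleset() {
    state_dir=$1
    new=$(pf_checksum)
    if [ -z "$new" ]; then
        echo "error: no checksum in input" >&2
        return 2
    fi
    if [ ! -f "$state_dir/checksum" ]; then
        printf '%s\n' "$new" > "$state_dir/checksum"
        echo baseline
        return 0
    fi
    old=$(cat "$state_dir/checksum")
    if [ "$new" = "$old" ]; then
        echo unchanged
        return 0
    fi
    printf '%s %s -> %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$old" "$new" \
        >> "$state_dir/changes.log"
    printf '%s\n' "$new" > "$state_dir/checksum"
    echo changed
}

# Constructed sample of pfctl status output carrying the checksum given in $1.
sample_status() {
    cat <<EOF
Status: Enabled for 11 days 05:32:26          Debug: Urgent

Hostid:   0x19478aad
Checksum: $1
EOF
}
```

Saving `pfctl -sr` output next to the checksum on each "changed" result gives a diffable history of what the ruleset looked like at each poll.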


