Date:      Thu, 26 May 2016 13:46:45 +0200
From:      Niklaas Baudet von Gersdorff <stdin@niklaas.eu>
To:        freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Subject:   Re: `echo <something> | pfctl -mf -` overriding instead of modifying
Message-ID:  <20160526114645.GB49239@box-fra-01.niklaas.eu>
In-Reply-To: <20160518072409.GD99839@box-fra-01.niklaas.eu>
References:  <20160518072409.GD99839@box-fra-01.niklaas.eu>


Niklaas Baudet von Gersdorff [2016-05-18 09:24 +0200] :

[...]
> Initially, I only used the `-f -` flags for pfctl (instead of `-mf -`) and
> realised that making changes to the anchor overrides existing rules. So
> I read pfctl(8) where it says
>
>      -m      Merge in explicitly given options without resetting those
>      which are omitted.  Allows single options to be modified without
>      disturbing the others:
>
>         # echo "set loginterface fxp0" | pfctl -mf -
>
> So I thought that adding `-m` to the rule in the second `exec.poststart`
> will include (instead of replace) the rules into the anchor. But this is
> not the case. What am I doing wrong? Do I misunderstand `-m`?

I clearly misunderstood -m. It says that it merges "given *options*
without resetting those which are omitted" i.e., options and not rules.
No wonder that it's not working.

I will recheck pfctl(8) but I assume that there is no other way than
inserting the rules in question in a one-liner -- or using different
anchors like jails/$name-ipv4 and jails/$name-ipv6.

    Niklaas
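
The two workarounds mentioned above, as an added example that is not part of the original message: since each `pfctl -a <anchor> -f -` load replaces that anchor's rules, either send all rules in one stream or give each address family its own anchor. The jail name, addresses and rules are constructed placeholders, and the main ruleset is assumed to already evaluate these anchors (for example via `anchor "jails/*"`).

```shell
#!/bin/sh
# Added illustration; helper names, jail name, addresses and rules are
# constructed placeholders, not taken from the original setup.

# Print the pf rules for one jail. Pass an empty string to skip a family.
jail_rules() {
    a4=$1
    a6=$2
    [ -n "$a4" ] && printf 'pass in quick inet proto tcp from any to %s port { 80 443 }\n' "$a4"
    [ -n "$a6" ] && printf 'pass in quick inet6 proto tcp from any to %s port { 80 443 }\n' "$a6"
    return 0
}

# Workaround 1: one anchor, one load. Both families go down the same pipe,
# so no second load exists that could replace the first one's rules.
load_single_anchor() {
    name=$1
    jail_rules "$2" "$3" | pfctl -a "jails/${name}" -f -
}

# Workaround 2: one anchor per address family. Each load still replaces
# its anchor's contents, but the anchors no longer share rules.
load_split_anchors() {
    name=$1
    jail_rules "$2" "" | pfctl -a "jails/${name}-ipv4" -f -
    jail_rules "" "$3" | pfctl -a "jails/${name}-ipv6" -f -
}

# Usage (needs root and a loaded pf):
#   load_single_anchor www 192.0.2.10 2001:db8::10
#   pfctl -a jails/www -sr     # lists both rules
```

Tearing a jail down is then `pfctl -a jails/www -F rules` for the single anchor, or one flush per family anchor for the split layout.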



