From: peter@bsdly.net (Peter N. M. Hansteen)
To: freebsd-pf@freebsd.org
Date: Tue, 25 Aug 2009 17:27:40 +0200
Subject: Re: Positive condition for adding in the table?

Ivan Radovanovic writes:

> I am new into pf configuration and I am curious if it is possible to add
> some host into table in firewall rules if some conditions are met (not
> if they are broken).

There are a couple of apps out there that will update pf tables for
you based on various conditions. One is authpf (a non-interactive
user shell, frequently used for stuff like
http://home.nuug.no/~peter/pf/en/vegard.authpf.html), likely something
to build on.

Then I was going to write that dhcpd can manipulate tables (for
example, adding addresses it has assigned to a pf table), but then I
realized that OpenBSD's dhcpd is not identical to the FreeBSD one so
that particular feature may not be available immediately to readers of
this list.

Tables are nice, more apps that interface with pf through tables would
likely be welcome.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
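
Added example, not part of the original message and not code from authpf or dhcpd: a shell helper that admits a host to a pf table only when a positive condition holds, validating the address before it reaches pfctl. The table name, the "verdict address" event format and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Assumed pf.conf side (table name and rule are hypothetical):
#   table <goodhosts> persist
#   pass in on $ext_if from <goodhosts> to any
TABLE="goodhosts"
PFCTL="${PFCTL:-pfctl}"   # set PFCTL=echo to see the commands without running them

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
# Anything else (shell metacharacters, hostnames, CIDR) is rejected, because
# the value comes from a log line and ends up in a command run as root.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Constructed sample events, one "<verdict> <address>" pair per line.
sample_events() {
    cat <<'EOF'
auth-ok 192.0.2.10
auth-fail 192.0.2.66
auth-ok 198.51.100.999
auth-ok 192.0.2.10;reboot
auth-ok 203.0.113.7
EOF
}

# Read events on stdin; add the address to the table only on "auth-ok"
# with exactly two fields and a well-formed address.
admit_hosts() {
    while read -r verdict addr rest; do
        [ "$verdict" = "auth-ok" ] || continue
        [ -z "$rest" ] || continue
        valid_ipv4 "$addr" || continue
        $PFCTL -t "$TABLE" -T add "$addr"
    done
}

# Stand-alone demonstration: sh thisfile --dry-run
if [ "${1:-}" = "--dry-run" ]; then PFCTL=echo; sample_events | admit_hosts; fi
```

Entries added this way stay in the table until removed, so a matching `pfctl -t goodhosts -T delete <address>` step belongs wherever the condition stops holding.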