Date: Tue, 06 Mar 2007 13:00:24 -0500
From: Ron Wilhoite <ronw@bals.org>
To: "rance@frontiernet.net" <rance@frontiernet.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: adding to pf rules dynamically via a script
Message-ID: <45EDAC38.2080300@bals.org>
In-Reply-To: <20070306164250.n8w9y8c39x204cs0@webmail.frontiernet.net>
References: <20070306164250.n8w9y8c39x204cs0@webmail.frontiernet.net>
On 03/06/2007 11:42 AM, rance@frontiernet.net wrote:
> Could someone be so kind as to point to an example I can study as to
> how to add pf rules via a log monitoring script I'm trying to port from
> Linux?
>
> I know it can be done, but none of the docs I'm reading show how.
>
> I think I'm understanding that this is done with an anchor.
>
> but I'm having trouble finding a documented example I can study and
> learn from.
>
> Anybody know of a good doc on this, or have a well documented example
> they wouldn't mind sharing?

Not sure if this is helpful as an example, but I use this script to
update a table stored in pf.badhosts then reload tables:
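
#!/bin/sh
#
# pfblock - add a host or network to pf.badhosts so pf will block it
#
# Require at least one address argument.
if [ $# -eq 0 ]
then
    echo "pfblock usage: pfblock ip.add.re.ss/cidr" >&2
    exit 1
fi
#
# Append the address to the table file, then reload only the table
# definitions from pf.conf.
echo "$*" >> /etc/pf.badhosts
pfctl -T load -f /etc/pf.conf
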
Ron Wilhoite
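
An added example, not part of Ron's message or the original thread: a log-driven variant of pfblock that validates each address before it reaches pfctl or the table file, and adds it to the running table with "pfctl -t ... -T add" instead of reloading. Assumptions: pf.conf defines a table named badhosts backed by /etc/pf.badhosts, the log holds sshd "Failed password" lines, and three failures trigger a block; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: table "badhosts",
# sshd "Failed password" syslog lines, and a threshold of 3 failures.
BADHOSTS_FILE="${BADHOSTS_FILE:-/etc/pf.badhosts}"
PF_TABLE="${PF_TABLE:-badhosts}"
PFCTL="${PFCTL:-pfctl}"
THRESHOLD="${THRESHOLD:-3}"

# Constructed sample log lines (documentation address ranges).
sample_log() {
    cat <<'EOF'
Mar  6 12:00:01 gw sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Mar  6 12:00:02 gw sshd[102]: Failed password for root from 192.0.2.10 port 4002 ssh2
Mar  6 12:00:03 gw sshd[103]: Failed password for invalid user a from 192.0.2.10 port 4003 ssh2
Mar  6 12:00:04 gw sshd[104]: Failed password for bob from 198.51.100.7 port 4004 ssh2
EOF
}

# Accept only dotted-quad IPv4 with an optional /0-32 prefix. Anything else
# found in a log is rejected before it can reach pfctl or the table file.
valid_ipv4() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# Read log lines on stdin; print sources with >= THRESHOLD failed logins.
# The address is taken from the fixed trailing fields ("from IP port N ssh2"),
# because the user name earlier in the line is text chosen by the remote side.
offenders() {
    awk -v min="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password/ && NF > 4 &&
        $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= min) print ip }' | sort
}

# Add one address to the running table, then persist it; duplicates are no-ops.
block_host() {
    valid_ipv4 "$1" || { echo "pfblock: rejected '$1'" >&2; return 1; }
    grep -qxF -- "$1" "$BADHOSTS_FILE" 2>/dev/null && return 0
    "$PFCTL" -t "$PF_TABLE" -T add "$1" || return 1
    printf '%s\n' "$1" >> "$BADHOSTS_FILE"
}

# Block every offender found in the log on stdin.
scan_and_block() {
    offenders | while read -r ip; do block_host "$ip" || :; done
}
```

Run it as "scan_and_block < /var/log/auth.log" from cron or a log watcher; the log path is an assumption and depends on the syslog configuration.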
