Date: Thu, 10 Jul 2008 15:52:31 +0200
From: Leslie Jensen
To: "Nobody A. Unknown"
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

>>>> in your pf.conf and
>>>>
>>>> pfctl -t goodguys -T add \
>>>>     something.somewhere.com \
>>>>     somethingelse.somewhere.com \
>>>>     xxx.yyy.zzz.qqq &
>>>>
>>>> into your /etc/rc.local, so pf will start up without delays.
>>>>
>>> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing
>>> must go somewhere else, do you know where?
>>>
> LJ> If I've understood this right this will only be right at the time the
> LJ> machine starts. How do I get to know if the hosts change their
> LJ> addresses. Should I invoke a cron job that does the same as you suggested?
> LJ> Thanks
>
> Yes. Also you would have to clear the table before loading new IP
> addresses into it. Querying authoritative server with, for example
> `nslookup`, instead of relying on local resolver would make this thing
> more robust.
>
> Regards,
> Dennis.

Thank you Dennis.

I've started on a script to run as root from cron. I need a little help
to invoke the nslookup function and make it go into the goodguys table.
The flushing part I've got ;-) But then what do I do?

----------------------------
#!/bin/sh

pfctl -F Tables
----------------------------

Thanks

/Leslie
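
One way to finish the cron script asked about above, as an added example that is not part of the original message: it resolves each name with host(1) rather than nslookup, validates the answers, and loads them with `pfctl -T replace`, so the table is swapped in one step instead of being flushed first and is left untouched when a lookup fails. The `NS` and `STATIC` variables and the `--apply` switch are assumptions of this example; the host names are the placeholders used in the thread.

```shell
#!/bin/sh
# Added example: refresh one pf table from DNS; meant for root's crontab.
TABLE=goodguys
HOSTS="something.somewhere.com somethingelse.somewhere.com"  # placeholders from the thread
STATIC=""   # fixed addresses to keep in the table, space separated (assumption)
NS=""       # optional: authoritative name server to query (assumption)

# Print the A records of $1, one per line, using host(1).
resolve_host() {
    host -t A "$1" $NS 2>/dev/null | awk '/has address/ { print $NF }'
}

# Pass through only well-formed dotted quads; resolver output is untrusted input.
valid_ipv4() {
    awk -F. 'NF == 4 { ok = 1
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0
        if (ok) print }'
}

# Write the new table contents to file $1; non-zero if any host did not resolve.
build_list() {
    out=$1; rc=0
    : > "$out"
    for h in $HOSTS; do
        addrs=$(resolve_host "$h" | valid_ipv4)
        if [ -n "$addrs" ]; then
            printf '%s\n' "$addrs" >> "$out"
        else
            echo "refresh: no address for $h" >&2; rc=1
        fi
    done
    for a in $STATIC; do echo "$a" >> "$out"; done
    return $rc
}

# Swap the table contents in one step, or leave the table alone on lookup failure.
refresh_table() {
    tmp=$(mktemp /tmp/pftable.XXXXXX) || return 1
    if build_list "$tmp"; then
        pfctl -t "$TABLE" -T replace -f "$tmp"; st=$?
    else
        echo "refresh: table $TABLE left unchanged" >&2; st=1
    fi
    rm -f "$tmp"
    return $st
}

# "--apply" is this example's own switch, not a pfctl option.
if [ "${1:-}" = "--apply" ]; then refresh_table; fi
```

Run from cron with `--apply`; unlike `pfctl -F Tables`, this touches only the named table.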