Date: Thu, 10 Jul 2008 17:51:06 +0300
From: Dennis <hideous@mail.ru>
To: Leslie Jensen <leslie@eskk.nu>
Cc: freebsd-pf@freebsd.org
Subject: Re[2]: New pf install on Freebsd7 seem to be a slow starter.
Message-ID: <1188419671.20080710175106@mail.ru>
In-Reply-To: <4876141F.6060202@eskk.nu>
References: <48750381.1030004@eskk.nu> <20080709225423.GB1011@verio.net> <4875D33C.2010506@eskk.nu> <3910389261.20080710125542@mail.ru> <4875FD52.1090201@eskk.nu> <4875FF7D.8050304@eskk.nu> <101002322.20080710160132@mail.ru> <4876141F.6060202@eskk.nu>
>>>>> in your pf.conf and
>>>>>
>>>>> pfctl -t goodguys -T add \
>>>>> something.somewhere.com \
>>>>> somethingelse.somewhere.com \
>>>>> xxx.yyy.zzz.qqq &
>>>>>
>>>>> into your /etc/rc.local, so pf will start up without delays.
>>>>>
>>>> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing
>>>> must go somewhere else, do you know where?
>>>>
>> LJ> If I've understood this right this will only be right at the time the
>> LJ> machine starts. How do I get to know if the hosts changes their
>> LJ> addresses. Should I invoke a cron job that does the same as you suggested?
>> LJ> Thanks
>>
>> Yes. Also you would have to clear the table before loading new IP
>> addresses into it. Querying authoritative server with, for example
>> `nslookup`, instead of relying on local resolver would make this thing
>> more robust.
>>
>> Regards,
>> Dennis.
LJ> Thank you Dennis.
LJ> I've started on a script to run as root from cron.
LJ> I need a little help to invoke the nslookup function and make it go into
LJ> the goodguys table.
LJ> The flushing part I've got ;-)
LJ> But then what do I do?
LJ> ----------------------------
LJ> #!/bin/sh
LJ> pfctl -F Tables
LJ> ----------------------------
LJ> Thanks
LJ> /Leslie
( cat goodguys.names | ( xargs -n1 -J% nslookup % nf2.no-ip.com ) | egrep -o '(([[:digit:]])+\.){3}[[:digit:]]+$' | xargs -J% pfctl -t aaa -T add % ) &
of course, utilities and files should have full paths in their names
for a script.
Regards,
Dennis.
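
One way to write the cron script discussed in this thread, as an added example that is not part of the original messages: it resolves each name, keeps only valid IPv4 answers, and swaps the table contents with `pfctl -T replace` so the table is never left empty. The names-file path, the overridable `LOOKUP`/`PFCTL`/`DNS_SERVER` variables and the `apply` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: refresh one pf table from a file of host names (run from cron).
TABLE="${TABLE:-goodguys}"                       # table name used in the thread
NAMES="${NAMES:-/usr/local/etc/goodguys.names}"  # assumed path, one name per line
DNS_SERVER="${DNS_SERVER:-}"                     # optional server to query directly
LOOKUP="${LOOKUP:-/usr/bin/nslookup}"            # overridable (assumption, eases testing)
PFCTL="${PFCTL:-/sbin/pfctl}"

# stdin: nslookup output. stdout: unique, valid IPv4 answer addresses.
# The resolver's own "Address:" line ends in "#53" and the "Server:" line is
# never considered, so the DNS server itself is not added to the table.
extract_addrs() {
    sed -n 's/^Address:[[:space:]]*//p' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
    while IFS=. read -r a b c d; do
        if [ "$a" -le 255 ] && [ "$b" -le 255 ] && [ "$c" -le 255 ] && [ "$d" -le 255 ]; then
            echo "$a.$b.$c.$d"
        fi
    done | sort -u
}

# $1: names file. Blank lines, comments, and anything that is not a plain
# host name (including option-like "-x") never reach the lookup command.
resolve_names() {
    while read -r name; do
        case "$name" in
            ''|'#'*|-*|*[!A-Za-z0-9.-]*) continue ;;
        esac
        $LOOKUP "$name" $DNS_SERVER 2>/dev/null || true
    done < "$1" | extract_addrs
}

# Swap the table contents in one step with "-T replace" instead of flushing
# first, and leave the table alone when nothing resolved (e.g. DNS outage).
refresh_table() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/goodguys.XXXXXX") || return 1
    rc=0
    resolve_names "$NAMES" > "$tmp"
    if [ -s "$tmp" ]; then
        $PFCTL -t "$TABLE" -T replace -f "$tmp" || rc=$?
    else
        echo "no addresses resolved; table $TABLE left unchanged" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Only touch pf when asked to, e.g. from cron: /path/to/script apply
if [ "${1:-}" = "apply" ]; then refresh_table; fi
```
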
