From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 14:51:08 2008
Date: Thu, 10 Jul 2008 17:51:06 +0300
From: Dennis
To: Leslie Jensen
Cc: freebsd-pf@freebsd.org
Subject: Re[2]: New pf install on Freebsd7 seem to be a slow starter.
Message-ID: <1188419671.20080710175106@mail.ru>
In-Reply-To: <4876141F.6060202@eskk.nu>
References: <48750381.1030004@eskk.nu> <20080709225423.GB1011@verio.net> <4875D33C.2010506@eskk.nu> <3910389261.20080710125542@mail.ru> <4875FD52.1090201@eskk.nu> <4875FF7D.8050304@eskk.nu> <101002322.20080710160132@mail.ru> <4876141F.6060202@eskk.nu>
List-Id: "Technical discussion and general questions about packet filter (pf)"

>>>>> in your pf.conf and
>>>>>
>>>>> pfctl -t goodguys -T add \
>>>>> something.somewhere.com \
>>>>> somethingelse.somewhere.com \
>>>>> xxx.yyy.zzz.qqq &
>>>>>
>>>>> into your /etc/rc.local, so pf will start up without delays.
>>>>>
>>>> I forgot to mention that I'm on a FreeBSD 7 system, so the rc.local thing
>>>> must go somewhere else. Do you know where?
>>>>
>> LJ> If I've understood this right, this will only be right at the time the
>> LJ> machine starts. How do I get to know if the hosts change their
>> LJ> addresses? Should I invoke a cron job that does the same as you suggested?
>> LJ> Thanks
>>
>> Yes. Also you would have to clear the table before loading new IP
>> addresses into it. Querying the authoritative server with, for example,
>> `nslookup`, instead of relying on the local resolver would make this thing
>> more robust.
>>
>> Regards,
>> Dennis.

LJ> Thank you Dennis.
LJ> I've started on a script to run as root from cron.
LJ> I need a little help to invoke the nslookup function and make it go into
LJ> the goodguys table.
LJ> The flushing part I've got ;-)
LJ> But then what do I do?
LJ> ----------------------------
LJ> #!/bin/sh
LJ> pfctl -F Tables
LJ> ----------------------------
LJ> Thanks
LJ> /Leslie

# resolve each name against the no-ip server, keep the IPv4 answers,
# and load them into the table in the background
( cat goodguys.names \
    | ( xargs -n1 -J% nslookup % nf2.no-ip.com ) \
    | egrep -o '(([[:digit:]])+\.){3}[[:digit:]]+$' \
    | xargs -J% pfctl -t goodguys -T add % ) &

Of course, utilities and files should have full paths in their names for a script.

Regards,
Dennis.
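An added example, not code from the thread: the same resolve-and-load job written as a cron script, except that it resolves first and then swaps the table contents in one step, so a DNS failure keeps the previous addresses instead of leaving the table empty after a flush. The names file path, the script name and the PFCTL variable are assumptions; `pfctl -T replace` is the FreeBSD pfctl table operation.

```shell
#!/bin/sh
# Added example, not from the thread: refresh a pf table from a list of
# hostnames without ever leaving it empty. Paths and the NAMES/PFCTL
# defaults are assumptions; the DNS server is the one named in the thread.
TABLE=${TABLE:-goodguys}
NAMES=${NAMES:-/usr/local/etc/goodguys.names}   # one hostname per line (assumed path)
DNS_SERVER=${DNS_SERVER:-nf2.no-ip.com}         # queried directly, as in the thread
PFCTL=${PFCTL:-/sbin/pfctl}

# Keep only "Address:" lines that are a bare dotted quad, so the resolver's
# own "Address: x.x.x.x#53" line and any IPv6 answers are dropped.
extract_ipv4() {
    sed -n 's/^Address:[[:space:]]*\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\)$/\1/p' | sort -u
}

# Resolve every name in file $1 against $DNS_SERVER and print the union
# of their IPv4 addresses; blank lines and '#' comments are skipped.
resolve_names() {
    while read -r name; do
        case $name in ''|'#'*) continue ;; esac
        nslookup "$name" "$DNS_SERVER" 2>/dev/null ||
            echo "resolve_names: lookup of $name failed" >&2
    done < "$1" | extract_ipv4
}

# Replace the table contents in one step, and only when something resolved:
# a DNS outage then keeps the previous addresses instead of flushing the
# table and locking the known hosts out until the next cron run.
refresh_table() {
    addrs=$(resolve_names "$NAMES")
    if [ -z "$addrs" ]; then
        echo "refresh_table: nothing resolved, leaving table $TABLE untouched" >&2
        return 1
    fi
    tmp=$(mktemp "${TMPDIR:-/tmp}/pftable.XXXXXX") || return 1
    printf '%s\n' "$addrs" > "$tmp"
    "$PFCTL" -t "$TABLE" -T replace -f "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return $rc
}

# Run from cron, e.g. "*/15 * * * * /usr/local/sbin/pf-refresh.sh --run" (assumed name).
if [ "${1:-}" = "--run" ]; then
    refresh_table
fi
```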