Date: Thu, 8 Jun 2006 18:39:55 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Dmitry Andrianov <dimas@dataart.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Rules in anchor
Message-ID: <20060608163954.GE23685@insomnia.benzedrine.cx>
In-Reply-To: <D5972F49810A69449A9EA72A4B360DC2D0A22C@e1.universe.dart.spb>
References: <D5972F49810A69449A9EA72A4B360DC2D0A22C@e1.universe.dart.spb>

On Thu, Jun 08, 2006 at 03:42:47PM +0400, Dmitry Andrianov wrote:

> root@host <mailto:root@host> # pfctl -s Anchors
> ftpsesame
> root@host <mailto:root@spb-gw1> # pfctl -a ftpsesame -s rules
> root@host <mailto:root@spb-gw1> #

It creates sub-anchors within that anchor (with the process pid and a
connection id as part of the name), and the rules are inserted there.
The reason for that is that it's simpler to flush an entire (sub)anchor
than removing one specific (of potentially multiple) rules in just one
set.

Try pfctl -vs Anchors, it lists anchor and sub-anchors recursively.
Then pfctl -a ftpsesame/sub.anchor -s rules.

Daniel
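
The two commands from the reply above, combined into one pass over every sub-anchor, as an added example that is not part of the original message or of ftpsesame. The function names and the sample anchor names (including the `pid.id` form) are constructed for illustration, and the parser assumes `pfctl -vs Anchors` prints one indented anchor path per line.

```shell
#!/bin/sh
# Added example: list the rules held in every sub-anchor below a parent
# pf anchor, so rules that ftpsesame loads into sub-anchors can be audited.

# Constructed sample of `pfctl -vs Anchors` output (anchor names are made up).
SAMPLE_ANCHORS='  ftp-proxy
  ftpsesame
  ftpsesame/4242.1
  ftpsesame/4242.2
  ftpsesame2/9.9'

# Read `pfctl -vs Anchors` output on stdin and print only the anchor paths
# strictly below the parent anchor $1. The parent itself and anchors that
# merely share its name as a prefix (ftpsesame2) are skipped.
sub_anchors() {
    sed 's/^[[:space:]]*//' |
        awk -v p="$1/" 'index($0, p) == 1 && length($0) > length(p)'
}

# Print the rules of every sub-anchor below $1. Needs root and pf enabled.
show_sub_anchor_rules() {
    pfctl -vs Anchors | sub_anchors "$1" | while IFS= read -r anchor; do
        printf '== %s ==\n' "$anchor"
        pfctl -a "$anchor" -s rules
    done
}

# Run against the live ruleset only when a parent anchor is given,
# e.g.: sh sub-anchor-rules.sh ftpsesame
if [ "$#" -ge 1 ]; then
    show_sub_anchor_rules "$1"
fi
```

An empty listing for the parent anchor, as in the quoted session, is therefore expected; the rules show up only under the sub-anchor paths.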