Date: Thu, 26 May 2016 15:28:57 +0300
From: Max <maximos@als.nnov.ru>
To: freebsd-pf@freebsd.org
Subject: Re: `echo <something> | pfctl -mf -` overriding instead of modifying
Message-ID: <b0d6b201-0bef-f1d8-b3d3-fd23e2c9a919@als.nnov.ru>
In-Reply-To: <20160526114645.GB49239@box-fra-01.niklaas.eu>
References: <20160518072409.GD99839@box-fra-01.niklaas.eu> <20160526114645.GB49239@box-fra-01.niklaas.eu>

Hello, Niklaas.

Can you try something like

    exec.poststart = "/bin/sh /path/to/pf-config.sh $name $private_ip4 $private_ip6"

where pf-config.sh contains

    #!/bin/sh
    echo "rdr pass on vtnet0 inet proto { udp tcp } to vtnet0 port domain -> $2
    rdr pass on vtnet0 inet6 proto { udp tcp } to vtnet0 port domain -> $3" | pfctl -a "jails/$1" -Nf -

26.05.2016 14:46, Niklaas Baudet von Gersdorff wrote:
> Niklaas Baudet von Gersdorff [2016-05-18 09:24 +0200] :
>
> [...]
>> Initially, I only used the `-f -` flags for pfctl (instead of `-mf -`) and
>> realised that making changes to the anchor overrides existing rules. So
>> I read pfctl(8) where it says
>>
>>     -m      Merge in explicitly given options without resetting those
>>             which are omitted. Allows single options to be modified without
>>             disturbing the others:
>>
>>                 # echo "set loginterface fxp0" | pfctl -mf -
>>
>> So I thought that adding `-m` to the rule in the second `exec.poststart`
>> will include (instead of replace) the rules into the anchor. But this is
>> not the case. What am I doing wrong? Do I misunderstand `-m`?
> I clearly misunderstood -m. It says that it merges "given *options*
> without resetting those which are omitted" i.e., options and not rules.
> No wonder that it's not working.
>
> I will recheck pfctl(8) but I assume that there is no other way than
> inserting the rules in question in a one-liner -- or using different
> anchors like jails/$name-ipv4 and jails/$name-ipv6.
>
> Niklaas
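
Added example, not part of either message in this thread: a variant of the pf-config.sh idea that builds all rdr rules for one jail and loads them in a single pfctl call, since each `pfctl -a <anchor> -f -` load replaces the anchor's rules and `-m` only merges options. The function names and the input checks are assumptions of this example; the interface, anchor name, argument order and pfctl flags are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed argument order, as in the
# message above: <jail name> <IPv4 address> <IPv6 address>.
EXT_IF="vtnet0"

# The values are pasted into pf ruleset text, so accept only characters that
# can appear in a jail name or address (no spaces, newlines or pf syntax).
is_name() { case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }
is_ip4()  { case "$1" in ''|*[!0-9.]*) return 1 ;; esac; }
is_ip6()  { case "$1" in ''|*[!0-9A-Fa-f:.]*) return 1 ;; esac; }

# Print the complete rdr ruleset for one jail. Either address may be ""
# (single-stack jail); nothing is printed if any given address is invalid.
build_rules() {  # build_rules <ip4> <ip6>
    [ -z "$1" ] || is_ip4 "$1" || return 1
    [ -z "$2" ] || is_ip6 "$2" || return 1
    [ -z "$1" ] || printf 'rdr pass on %s inet proto { udp tcp } to %s port domain -> %s\n' \
        "$EXT_IF" "$EXT_IF" "$1"
    [ -z "$2" ] || printf 'rdr pass on %s inet6 proto { udp tcp } to %s port domain -> %s\n' \
        "$EXT_IF" "$EXT_IF" "$2"
}

# Load the whole ruleset into the jail's anchor in ONE pfctl invocation, so
# the IPv6 rule does not overwrite the IPv4 rule loaded a moment earlier.
load_jail_rules() {  # load_jail_rules <name> <ip4> <ip6>
    is_name "$1" || { echo "pf-config: bad jail name" >&2; return 1; }
    rules=$(build_rules "$2" "$3") || { echo "pf-config: bad address" >&2; return 1; }
    [ -n "$rules" ] || { echo "pf-config: no address given" >&2; return 1; }
    printf '%s\n' "$rules" | pfctl -a "jails/$1" -Nf -
}

# Only touch pf when called with arguments (e.g. from exec.poststart).
if [ "$#" -gt 0 ]; then
    load_jail_rules "$@"
fi
```

Running `pfctl -a "jails/<name>" -sn` afterwards shows whether both rdr rules are present in the anchor.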