From: phoemix@harmless.hu (Gergely CZUCZY)
Date: Mon, 29 May 2006 22:51:43 +0200
To: PauAmma
Cc: freebsd-pf@freebsd.org
Subject: Re: Loading table data into pf at start-up
Message-ID: <20060529205143.GA17051@marvin.harmless.hu>

On Mon, May 29, 2006 at 03:37:58PM -0500, PauAmma wrote:
> /etc/rc.d/pf will happily let you load a rules file into pf, but
> unfortunately won't let you load table data if it doesn't fit on a single
> line or if you want to store table data in other files for any reason.
>
> pfctl only allows one -f option, so creative use of pf_flags won't help,
> so I added a configuration variable, pf_tables, and some extra logic in
> pf_start() to handle it.
>
> pf_tables is a space-separated list of action:table:file tuples, eg:
> pf_tables="a:idiots4:/etc/pf.idiots4 a:idiots6:/etc/pf.idiots6"

What's the problem with a ruleset like

table persist file "/etc/pf-abuse_ssh"
table persist file "/etc/goodguys"

I have this, and it works jolly good. So, what's the trouble with this?

Bye,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu
PGP: http://phoemix.harmless.hu/phoemix.pgp

Weenies test. Geniuses solve problems that arise.
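The pf_tables value quoted above is read from rc.conf and expanded by a start-up script that runs as root, so each action:table:file tuple should be validated before it reaches a pfctl command line. The following is an added example, not code from either poster or from /etc/rc.d/pf; it assumes the action "a" means "add" (mapped to `pfctl -T add`), and the helper name `pf_tables_cmds` is hypothetical. It only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run expansion of pf_tables tuples.
# Assumption: action "a" means "add", mapped to `pfctl -T add`; any other
# action is rejected because the thread does not define one.
# pf_tables_cmds is a hypothetical helper name.

pf_tables_cmds() (
    set -f      # no pathname expansion while splitting the list
    rc=0
    for tuple in $1; do
        action=${tuple%%:*}
        rest=${tuple#*:}
        table=${rest%%:*}
        file=${rest#*:}
        err=
        case $action in
            a) op=add ;;
            *) err="unknown action" ;;
        esac
        # Conservative allow-list for this example: letters, digits, underscore.
        case $table in
            ''|*[!A-Za-z0-9_]*) err="bad table name" ;;
        esac
        # Absolute path only, no "..", no shell metacharacters.
        case $file in
            *..*|*[!A-Za-z0-9_./-]*) err="bad file path" ;;
            /*) ;;
            *) err="bad file path" ;;
        esac
        if [ -n "$err" ]; then
            echo "pf_tables: $err: $tuple" >&2
            rc=1
            continue
        fi
        echo "pfctl -t $table -T $op -f $file"
    done
    exit "$rc"
)

# The value quoted in the thread; prints one pfctl command per tuple.
pf_tables_cmds "a:idiots4:/etc/pf.idiots4 a:idiots6:/etc/pf.idiots6"
```

Rejected tuples are reported on stderr and make the function return non-zero, so a caller can refuse to start pf with a partially loaded table set.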