Date: Thu, 26 May 2016 21:50:52 +0200 From: Niklaas Baudet von Gersdorff <stdin@niklaas.eu> To: freebsd-pf@freebsd.org Subject: Re: `echo <something> | pfctl -mf -` overriding instead of modifying Message-ID: <20160526195052.GI49239@box-fra-01.niklaas.eu> In-Reply-To: <b0d6b201-0bef-f1d8-b3d3-fd23e2c9a919@als.nnov.ru> References: <20160518072409.GD99839@box-fra-01.niklaas.eu> <20160526114645.GB49239@box-fra-01.niklaas.eu> <b0d6b201-0bef-f1d8-b3d3-fd23e2c9a919@als.nnov.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--VkVuOCYP9O7H3CXI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Max [2016-05-26 15:28 +0300] : > Can you try something like > exec.poststart =3D "/bin/sh /path/to/pf-config.sh $name $private_ip4=20 > $private_ip6" >=20 > where pf-config.sh contains > #!/bin/sh > echo "rdr pass on vtnet0 inet proto { udp tcp } to vtnet0 port domain=20 > -> $2 > rdr pass on vtnet0 inet6 proto { udp tcp } to vtnet0 port domain -> =20 > $3" | pfctl -a "jails/$1" -Nf - Thanks a lot for your input. I guess that would work but I managed to solve it the following way: exec.poststart +=3D "echo 'rdr pass on vtnet0 inet6 proto { udp tcp } t= o vtnet0 port domain -> $private_ip6' | pfctl -a 'jails/$name-ipv6' -f -"; exec.poststart +=3D "echo 'rdr pass on vtnet0 inet proto { udp tcp } t= o vtnet0 port domain -> $private_ip4' | pfctl -a 'jails/$name-ipv4' -f -"; exec.poststop +=3D "pfctl -a jails/$name-ipv6 -F all"; exec.poststop +=3D "pfctl -a jails/$name-ipv4 -F all"; The trick is to use two anchors. This way no rules are replaced and both stay active. Niklaas --VkVuOCYP9O7H3CXI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXR1OcAAoJEG2fODeJrIU/oogP/jbiuw9NW6mN6Xpvn/JT0n7v fieynKqfLElR5JlmFJX9NWmNZfXTNuSlkkvw5SxuZsqQLAxNuOLKTU6bZK6z6JWr 4tPEz4i7bgDagbffjY5BsYvnwFGAHfkhhMvMSLoCLXrC8GminmxC7BZig93A79GA TAaEptNvmvsmKAiKrGtSNMvRXE31gyMFx51Bfzzq5nRlMQT5SuNpY336eVd2tyz1 1FkpYiyDmKdV2nVrPHUpZgMzZ5V+fA3iUnqsVDN3xN4lPKD+z+tpDkJtF7Pbk5zE UXiTXCTLsNkkOsR5E5Oj3JtapEJLLzOCrHZTUBGn3eLiXJmpijM78Z1wB7UdXymw tbyyWH6Ja5NRFxGfrI6uK/7AGxmdTg8O6viA5KzzdAmL9tUCRkH1rbrQ1LL8zXps PWyMrukZhr+cX5RJmhV+pd8Xjy7P4eDAn8LbT8Kzl2Z07syYklvfibYZ/kso8ZAI Xgeh3sQROBwkC6fw4xuw2fF/ChCmszEO9TI3U12H6eveDSX98QB3poyUJ+GBymir 648tPmVvCi1biRBBLTeJxQua4NUtOkm7x7F8rZYM6ApsLoDhJCr+o4NDlc2wEl8Y QnbhCz4IAaHoNoprO57rt7D2qjjVSLGvBfEEBPpAuNrMkI2nVKsmwAYzPfKkS1xa 2LaiyeX7MMMj93XwY7Kv =ORDN -----END PGP SIGNATURE----- --VkVuOCYP9O7H3CXI--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160526195052.GI49239>