Date:      Thu, 26 May 2016 21:50:52 +0200
From:      Niklaas Baudet von Gersdorff <stdin@niklaas.eu>
To:        freebsd-pf@freebsd.org
Subject:   Re: `echo <something> | pfctl -mf -` overriding instead of modifying
Message-ID:  <20160526195052.GI49239@box-fra-01.niklaas.eu>
In-Reply-To: <b0d6b201-0bef-f1d8-b3d3-fd23e2c9a919@als.nnov.ru>
References:  <20160518072409.GD99839@box-fra-01.niklaas.eu> <20160526114645.GB49239@box-fra-01.niklaas.eu> <b0d6b201-0bef-f1d8-b3d3-fd23e2c9a919@als.nnov.ru>

Max [2016-05-26 15:28 +0300] :

> Can you try something like
> exec.poststart = "/bin/sh /path/to/pf-config.sh $name $private_ip4 $private_ip6"
>
> where pf-config.sh contains
> #!/bin/sh
> echo "rdr pass on vtnet0 inet  proto { udp tcp } to vtnet0 port domain ->   $2
> rdr pass on vtnet0 inet6 proto { udp tcp } to vtnet0 port domain ->   $3" | pfctl -a "jails/$1" -Nf -

Thanks a lot for your input. I guess that would work but I managed to
solve it the following way:

    exec.poststart += "echo 'rdr pass on vtnet0 inet6 proto { udp tcp } to vtnet0 port domain ->   $private_ip6' | pfctl -a 'jails/$name-ipv6' -f -";
    exec.poststart += "echo 'rdr pass on vtnet0 inet  proto { udp tcp } to vtnet0 port domain ->   $private_ip4' | pfctl -a 'jails/$name-ipv4' -f -";
    exec.poststop  += "pfctl -a jails/$name-ipv6 -F all";
    exec.poststop  += "pfctl -a jails/$name-ipv4 -F all";

The trick is to use two anchors. This way no rules are replaced and both
stay active.

    Niklaas
