Date: Mon, 29 May 2006 15:37:58 -0500 (CDT)
From: PauAmma <pauamma@gundo.com>
To: freebsd-pf@freebsd.org
Subject: Loading table data into pf at start-up
Message-ID: <Pine.LNX.4.64.0605291427430.23594@javelin.gundo.com>

/etc/rc.d/pf will happily let you load a rules file into pf, but unfortunately won't let you load table data if it doesn't fit on a single line or if you want to store table data in other files for any reason. pfctl only allows one -f option, so creative use of pf_flags won't help, so I added a configuration variable, pf_tables, and some extra logic in pf_start() to handle it.

pf_tables is a space-separated list of action:table:file tuples, eg:

    pf_tables="a:idiots4:/etc/pf.idiots4 a:idiots6:/etc/pf.idiots6"

For each tuple, my patched /etc/rc.d/pf runs:

    pfctl -T <action> -t <table> -f <file> $pf_flags

I tested that with /etc/rc.d/pf 1.3.2.2, and it works fine under 5.4-RELEASE-p14. If there's any interest, I can supply a patch against 1.3.2.2, or (if there's any interest) an untested patch against 1.12 (no -HEAD running here, so I can't test it).

Suggestions/Comments/"Go file a PR" requests all welcome.

(please cc me on list replies - I don't follow it regularly)
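
The tuple expansion described in the message, as an added example; it is not the author's patch or code from /etc/rc.d/pf. The helper name `pf_table_cmds` and its validation rules (lower-case action, alphanumeric table name, absolute file path) are assumptions made here, and the function prints the pfctl command lines instead of running them so they can be reviewed first.

```sh
#!/bin/sh
# Added illustration, not the patch from the message.
# pf_table_cmds (hypothetical helper) expands a pf_tables value into the
# "pfctl -T <action> -t <table> -f <file> $pf_flags" lines the message
# describes. It prints them and returns 1 if any tuple was rejected.

pf_table_cmds() {
    _tuples=$1          # space-separated action:table:file tuples
    _flags=$2           # stands in for $pf_flags
    _rc=0
    set -f              # keep glob characters in a tuple from expanding
    for _t in $_tuples; do
        case $_t in
            *:*:*) ;;
            *)  echo "pf_tables: malformed tuple '$_t'" >&2
                _rc=1; continue ;;
        esac
        # Split on the first two colons; the file part keeps any others.
        _action=${_t%%:*}
        _rest=${_t#*:}
        _table=${_rest%%:*}
        _file=${_rest#*:}
        # Assumed checks: they stop a typo in rc.conf from turning into
        # an extra pfctl option or a relative path resolved at boot.
        case $_action in
            ''|*[!a-z]*) _bad="action '$_action'" ;;
            *) _bad= ;;
        esac
        case $_table in
            ''|*[!A-Za-z0-9_]*) _bad="table '$_table'" ;;
        esac
        case $_file in
            /*) ;;
            *) _bad="file '$_file' (absolute path expected)" ;;
        esac
        if [ -n "$_bad" ]; then
            echo "pf_tables: rejected $_bad in '$_t'" >&2
            _rc=1; continue
        fi
        echo "pfctl -T $_action -t $_table -f $_file${_flags:+ $_flags}"
    done
    set +f
    return $_rc
}

# The pf_tables value from the message, expanded for review.
pf_table_cmds "a:idiots4:/etc/pf.idiots4 a:idiots6:/etc/pf.idiots6" "${pf_flags:-}"
```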