[nycbug-talk] pf tables
Ray Lai
nycbug at cyth.net
Sun Jul 30 15:51:59 EDT 2006
On Sun, Jul 30, 2006 at 03:52:10PM -0400, Dru wrote:
> Does anyone have a reference to or quick trick on how to have the
> information in their pf tables survive a reboot? I'm wondering if I'm
> missing something obvious, but I just lost a few months worth of bad_hosts
> after rebooting a box during an upgrade.
>
> Also, is there an easy way to suck in the contents of a file to a table? I
> do have a backup of the persist file?
man pf.conf:
A table can also be initialized with an address list specified in one or
more external files, using the following syntax:
table <spam> persist file "/etc/spammers" file "/etc/openrelays"
block on fxp0 from <spam> to any
The files /etc/spammers and /etc/openrelays list IP addresses, one per
line. Any lines beginning with a # are treated as comments and ignored.
In addition to being specified by IP address, hosts may also be specified
by their hostname. When the resolver is called to add a hostname to a
table, all resulting IPv4 and IPv6 addresses are placed into the table.
IP addresses can also be entered in a table by specifying a valid inter-
face name, a valid interface group or the self keyword, in which case all
addresses assigned to the interface(s) will be added to the table.
-Ray-
More information about the talk
mailing list