[nycbug-talk] pf tables
David Lawson
dave at donnerjack.com
Sun Jul 30 20:05:15 EDT 2006
On Jul 30, 2006, at 5:24 PM, Dru wrote:
>
>
> On Sun, 30 Jul 2006, Okan Demirmen wrote:
>
>> pfctl(8) will *populate from* a file; it doesn't mean it (what is "it"?
>> - there is none) also syncs back to the file. You need to dump your
>> table in rc.shutdown(8) or in a cron(8) job - whichever fits the bill.
>
>
> Thanks, rc.shutdown should fit the bill.
>
> Dru
I've actually found it simpler and cleaner to add an IP to the
persist file and reload pf, since that ensures your currently running
ruleset is exactly what you have on disk, thus avoiding situations
like this one. Or, alternatively, you could use a couple line script
to append an IP to the end of the file and insert it into the table
in pf at the same time.
--Dave
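
An added example, not part of the original post or thread: one way to write the short script Dave mentions, which inserts an address into the running table and appends it to the persist file in one step. The table name `blocklist`, the file `/etc/pf.blocklist`, the function names and the IPv4-only validation are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: keep a pf table and its persist file in sync.
# Assumed names: table "blocklist", file /etc/pf.blocklist (override via env).
TABLE="${TABLE:-blocklist}"
TABLE_FILE="${TABLE_FILE:-/etc/pf.blocklist}"
PFCTL="${PFCTL:-pfctl}"

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix,
# so nothing else can ever be written into the file pf loads at boot.
valid_addr() {
    case "$1" in
        */*) bits=${1#*/}
             case "$bits" in ''|*[!0-9]*) return 1 ;; esac
             [ ${#bits} -le 2 ] && [ "$bits" -le 32 ] || return 1 ;;
    esac
    addr=${1%%/*}
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Add one address to the running table and, only if pf accepted it,
# record it in the persist file. Already-recorded addresses are not duplicated.
table_add() {
    valid_addr "$1" || { echo "rejected: not an IPv4 address: $1" >&2; return 2; }
    "$PFCTL" -t "$TABLE" -T add "$1" >/dev/null || return 1
    # -x whole-line, -F literal: 192.0.2.1 must not match a 192.0.2.10 line
    grep -qxF -- "$1" "$TABLE_FILE" 2>/dev/null || printf '%s\n' "$1" >> "$TABLE_FILE"
}

# Run only when given an argument, so the file can also be sourced.
[ $# -eq 0 ] || table_add "$1"
```

Because the file is written only after pfctl succeeds, the on-disk list never contains an entry the running table refused.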