[nycbug-talk] pf tables

David Lawson dave at donnerjack.com
Sun Jul 30 20:05:15 EDT 2006


On Jul 30, 2006, at 5:24 PM, Dru wrote:

>
>
> On Sun, 30 Jul 2006, Okan Demirmen wrote:
>
>> pfctl(8) will *populate from* a file; it doesn't mean it (what is "it"?
>> - there is none) also syncs back to the file. you need to dump your
>> table in rc.shutdown(8) or in a cron(8) job - whichever fits the bill.
>
>
> Thanks, rc.shutdown should fit the bill.
>
> Dru

I've actually found it simpler and cleaner to add an IP to the
persist file and reload pf, since that ensures your currently running
ruleset is exactly what you have on disk, thus avoiding situations
like this one.  Or, alternatively, you could use a couple-line script
to append an IP to the end of the file and insert it into the table
in pf at the same time.

--Dave
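
The append-and-insert script mentioned in the message above, as an added example that is not part of the original post. The table name `blocklist`, the file path `/etc/pf.blocklist` and the `PFCTL` override variable are assumptions; it validates the address and writes to disk only what pf accepted, so the file and the live table cannot drift apart.

```shell
#!/bin/sh
# Added example: append an address to a pf table's persist file and to the
# live table in one step. Table name and file path are assumed, not from the thread.
TABLE="${TABLE:-blocklist}"
TABLE_FILE="${TABLE_FILE:-/etc/pf.blocklist}"
PFCTL="${PFCTL:-pfctl}"   # overridable so the logic can be exercised without pf

# is_ipv4 ADDR: succeed only for a dotted quad (octets 0-255), optional /0-32.
is_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    old_ifs=$IFS; IFS=.
    set -- ${1%%/*}
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# pf_table_add TABLE FILE ADDR
# Exit status: 0 = in table and on disk, 1 = pfctl refused, 2 = invalid address.
pf_table_add() {
    table=$1; file=$2; ip=$3
    is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 2; }
    # Live table first, so the file only ever records what pf accepted.
    "$PFCTL" -t "$table" -T add "$ip" || return 1
    # -F -x: fixed-string, whole-line match, so 10.0.0.1 is not "found" in 10.0.0.10.
    grep -Fxq -- "$ip" "$file" 2>/dev/null || printf '%s\n' "$ip" >> "$file"
}

if [ $# -eq 1 ]; then
    pf_table_add "$TABLE" "$TABLE_FILE" "$1"
fi
```

Run as root with the address as the only argument; re-adding an address already in the file leaves the file unchanged.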


