Niklaas Baudet von Gersdorff [2016-05-18 09:24 +0200]:
[...]
> Initially, I only used the `-f -` flags for pfctl (instead of `-mf -`) and
> realised that making changes to the anchor overrides existing rules. So
> I read pfctl(8) where it says
>
>     -m      Merge in explicitly given options without resetting those
>             which are omitted. Allows single options to be modified without
>             disturbing the others:
>
>                   # echo "set loginterface fxp0" | pfctl -mf -
>
> So I thought that adding `-m` to the rule in the second `exec.poststart`
> will include (instead of replace) the rules into the anchor. But this is
> not the case. What am I doing wrong? Do I misunderstand `-m`?

I clearly misunderstood -m. It says that it merges "given *options* without resetting those which are omitted", i.e., options and not rules. No wonder that it's not working. I will recheck pfctl(8) but I assume that there is no other way than inserting the rules in question in a one-liner -- or using different anchors like jails/$name-ipv4 and jails/$name-ipv6.

Niklaas