I have a process that runs every few min looking to see if the pf rules changed on some of our firewalls. On one customer unit, we have a "self" statement and the script detected a change this morning. The rule reads
block log quick from <rejects> to self
block log quick from self to <rejects>

but when shown it looks like

block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>

I guess 'self' is treated like a table?

The diff that got flagged looked like

-block drop log quick inet from <rejects> to <__automatic_786310c4_0>
-block drop log quick inet from <__automatic_786310c4_1> to <rejects>
+block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
+block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>

What would trigger the table name to change like that? Also, is there a better way to monitor pf rule changes? I don't see any mention in FreeBSD audit?

---Mike
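
Added example, not part of the original post: one way a rule-change monitor could tell a rename of the `<__automatic_...>` tables apart from a real rule change, by mapping each automatic table name to its order of first appearance before comparing. The function names and the `TAMPERED` sample are constructed for illustration, and the code assumes the hex part of the name carries no policy meaning.

```python
import difflib
import re

# Automatic table names as they appear in the post, e.g. <__automatic_32a5c00f_0>.
AUTO_TABLE = re.compile(r"<__automatic_[0-9a-f]+_\d+>")


def normalize(ruleset):
    """Rewrite each automatic table name to a stable ordinal placeholder."""
    seen = {}

    def stable(match):
        # The same name always maps to the same ordinal within one ruleset.
        return "<__automatic_#%d>" % seen.setdefault(match.group(0), len(seen))

    return [AUTO_TABLE.sub(stable, ln.strip())
            for ln in ruleset.splitlines() if ln.strip()]


def classify(old, new):
    """Return (status, diff): status is unchanged, rename-only or changed."""
    raw_old = [ln.strip() for ln in old.splitlines() if ln.strip()]
    raw_new = [ln.strip() for ln in new.splitlines() if ln.strip()]
    if raw_old == raw_new:
        return "unchanged", []
    norm_old, norm_new = normalize(old), normalize(new)
    if norm_old == norm_new:
        return "rename-only", []
    return "changed", list(difflib.unified_diff(norm_old, norm_new, lineterm=""))


# Rule listings taken from the post (before and after the flagged change).
OLD = """block drop log quick inet from <rejects> to <__automatic_786310c4_0>
block drop log quick inet from <__automatic_786310c4_1> to <rejects>"""
NEW = """block drop log quick inet from <rejects> to <__automatic_32a5c00f_0>
block drop log quick inet from <__automatic_32a5c00f_1> to <rejects>"""
# Constructed sample: the same listing with one extra rule appended.
TAMPERED = NEW + "\npass quick all flags S/SA keep state"

if __name__ == "__main__":
    for label, after in (("post diff", NEW), ("constructed", TAMPERED)):
        status, diff = classify(OLD, after)
        print(label, "->", status)
        print("\n".join(diff))
```

A rename-only result says nothing about what the tables contain, so the table contents (for example from `pfctl -t <table> -T show`) would need their own comparison.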