Keith Richardson wrote:
> Roy Morris wrote:
>> I would like to be able to add/remove a rule from the command line on those systems which may have only a ram drive and/or read only pf.conf. Anyone know how to do it, or would you need to create a new pf.conf in memory someplace and then load it?
>>
>> Thanks
>> Roy
>
> Try describing your ruleset in memory using <insert favorite scripting language constructs>. From that meta-data you could create the actual ruleset in a syntax that pf understands.
>
>     pfctl -s all | your_script -read
>     # add /remove rules
>     # add /remove rules
>     # add /remove rules
>     ...
>     ...
>     your_script -write | pfctl -F all -f -
>
> Since order matters, you would need to recreate the entire ruleset from your meta-data every time a rule was added/deleted then reload it using pfctl
>
> Not exactly a simple solution but the only one my sleep-deprived brain came up with at the moment.
>
> Check out man pages for pfctl, etc... They might inspire an easier solution
>
> -Keith

Yea, to me it seems easy/best/less time consuming to simply

    cat /etc/readonly.pf.conf >> /ramdrive/pf.new.conf
    vi /ramdrive/pf.new.conf
    pfctl -F all -f /ramdrive/pf.new.conf

then in the required rule in the next version of the cdboot. In my case rules change seldom, so it's not that big a deal. Maybe what I need is to use a flash drive to hold /etc/ ... seems logical.

Cheers
Rm
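
The approach discussed in the thread (copy the read-only ruleset to the RAM drive, add or remove a rule at the right position, then reload the whole file) can be scripted as follows. This is an added example, not code from either poster: the two paths are the ones Roy uses, the helper names `pf_reset`, `pf_add`, `pf_del` and `pf_load` are hypothetical, and the `pfctl -n` parse check before loading is an addition to the commands in the thread.

```shell
#!/bin/sh
# Added example: edit a pf ruleset copy on a RAM drive, then validate and load it.
# Helper names are hypothetical; paths are the ones used in the thread.

BASE=${BASE:-/etc/readonly.pf.conf}   # read-only ruleset on the boot medium
WORK=${WORK:-/ramdrive/pf.new.conf}   # writable working copy on the RAM drive

# Start over from the read-only base ruleset (overwrites the working copy).
pf_reset() {
    cat "$BASE" > "$WORK"
}

# Insert rule $2 before line $1 of the working copy. Order matters in pf,
# so the caller chooses the position; a line number past the end appends.
# The rule is passed through the environment so awk does not reinterpret it.
pf_add() {
    RULE="$2" awk -v n="$1" '
        NR == n { print ENVIRON["RULE"]; done = 1 }
        { print }
        END { if (!done) print ENVIRON["RULE"] }
    ' "$WORK" > "$WORK.tmp" && mv "$WORK.tmp" "$WORK"
}

# Remove every line that is exactly rule $1 (whole-line, literal match).
pf_del() {
    RULE="$1" awk '$0 != ENVIRON["RULE"]' "$WORK" > "$WORK.tmp" &&
        mv "$WORK.tmp" "$WORK"
}

# Parse the candidate ruleset with -n (no load) and only reload if it is
# clean, so a typo is caught before the running rules are flushed.
pf_load() {
    pfctl -n -f "$WORK" && pfctl -F all -f "$WORK"
}

# Typical session (the rule text is a constructed sample):
#   pf_reset
#   pf_add 2 'pass in on em0 proto tcp to port 22 keep state'
#   pf_load
```
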