On Sun, 09 Oct 2005 14:59:36 -0400 Roy Morris <[EMAIL PROTECTED]> wrote:
> I would like to be able to add/remove a rule from
> the command line on those systems which
> may have only a ram drive and/or read-only
> pf.conf. Anyone know how to do it, or would
> you need to create a new pf.conf in memory
> someplace and then load it?

It's not like iptables where you can load rules at the CLI. The best you can hope for is to look at all your rules with a set of parameters and attempt to make a structure that resembles any type of rule. Then read your pf.conf into the array of structures and then re-write that array as a new pf.conf.

If you do the job very well you can use those structures to write the rules out in many different formats and perhaps have yourself a firewall builder. Perhaps you could look at some existing firewall builders and sculpt them into something that suits your requirements.

Let us know how you get on. I think the two previous answers are workable for what you are trying to do. You could, if the rules are just pass/block, use a table, which you can access from the command line.

--
Regards,
Ed
http://www.usenix.org.uk
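
The table approach mentioned at the end of the reply, as an added example that is not part of the original message. It assumes the read-only pf.conf already holds the two lines shown in the comment; the table name "dynblock" and the helper names are hypothetical, and only IPv4 is handled.

```shell
#!/bin/sh
# Assumed to be present in the read-only pf.conf (table name is hypothetical):
#   table <dynblock> persist
#   block in quick from <dynblock>
# Table contents live in kernel memory, so no writable pf.conf is needed.
TABLE=dynblock

# Accept only a plain IPv4 address or IPv4/prefix, so that nothing else
# ever reaches a pfctl command line that runs as root.
valid_ipv4() {
    addr=${1%%/*}
    case "$1" in
        */*) bits=${1#*/} ;;
        *)   bits=32 ;;
    esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; addr is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Build the pfctl table command for add|delete|show.
# Dry run by default: the command is printed, and executed only when APPLY=1.
pf_table() {
    action=$1
    target=${2:-}
    case "$action" in
        add|delete)
            valid_ipv4 "$target" || { echo "bad address: $target" >&2; return 1; } ;;
        show)
            target= ;;
        *)
            echo "usage: pf_table add|delete|show [addr]" >&2; return 1 ;;
    esac
    cmd="pfctl -t $TABLE -T $action${target:+ $target}"
    if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
}

# Allow use as a script: ./pf_table.sh add 192.0.2.10
if [ $# -gt 0 ]; then pf_table "$@"; fi
```

Entries added this way are lost on reboot or when the table is flushed, which suits a RAM-disk system where the base ruleset is fixed and only the address list changes.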