Hi there misc!
Is there an external pfctl linter? We have a bunch of pf firewalls for which
we generate rules but also write some manual ones that get merged. Would
be nice if we could lint the rules before they are committed to vcs. (yes we
test before they are applied on the machines as well but that is way too
late in a sane pipeline imho)
Problem is that pfctl expects that all interfaces and everything is
correct (which makes sense for pfctl before loading). BUT it is hard to
run on a build machine or my laptop to get a general idea on where I'm
at (unless I'm missing some tricks somewhere)
So I've been looking into parse.y in pfctl. It's been a long time since
I've messed around with very simple yacc stuff so kind of lost.
Has anyone done anything like this? Would be good to know before I sink
more time into this (and probably fail) :)
/T
- pf.conf parser/lint Tommy Nevtelen