On 04/09/2020 17.40, Brian Brombacher wrote:
On Sep 4, 2020, at 11:28 AM, Brian Brombacher <br...@planetunix.net> wrote:
On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen <to...@nevtelen.com> wrote:
Hi there misc!
Is there an external pfctl linter? We have a bunch of pf firewalls for which we
generate rules but also write some manual ones that get merged. Would be nice
if we could lint the rules before they are committed to VCS. (Yes, we test before
they are applied on the machines as well, but that is way too late in a sane
pipeline imho.)
Sane pipeline... :)
Developer machine: can that securely run pfctl -n? Linter is great... but
there’s a ton more involved.
Don't get too caught up on my wording :)
What is the ton that would be involved?
It would be to catch the most stupid typo/syntax issues, not to check if
the full config is valid on a specific machine.
My more exact use case would be a pre-receive hook or a check before
merging to the production branch.
/T
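
An added example, not part of the thread or of any poster's setup: a git pre-receive hook for the use case described above, running `pfctl -n` on the ruleset in each commit pushed to the production branch. The repository path `pf.conf`, the branch name, and the `PF_PATH`/`BRANCH`/`PFCTL`/`GIT` override variables are assumptions, as is the hook user being allowed to run pfctl.

```shell
#!/bin/sh
# Added example: reject pushes whose pf ruleset does not parse.
# Assumptions (not from the thread): the ruleset is one file at $PF_PATH,
# the protected ref is $BRANCH, and pfctl is runnable by the hook user.
PF_PATH=${PF_PATH:-pf.conf}
BRANCH=${BRANCH:-refs/heads/production}
PFCTL=${PFCTL:-pfctl}
GIT=${GIT:-git}

# Parse a ruleset file without loading it (-n); nonzero exit on a parse error.
lint_pf_file() {
    $PFCTL -nf "$1"
}

# Extract the ruleset as of commit $1 and lint it. Fails closed: a missing
# or unreadable ruleset is treated the same as a ruleset that does not parse.
lint_commit() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/pflint.XXXXXXXXXX") || return 1
    if ! $GIT show "$1:$PF_PATH" >"$tmp" 2>/dev/null; then
        rm -f "$tmp"; return 1
    fi
    rc=0; lint_pf_file "$tmp" || rc=$?
    rm -f "$tmp"
    return $rc
}

# Read the "<old> <new> <ref>" lines git writes to a pre-receive hook's stdin.
check_push() {
    status=0
    while read -r old new ref; do
        [ "$ref" = "$BRANCH" ] || continue            # only the protected ref
        case $new in *[!0]*) ;; *) continue ;; esac   # all-zero id: deletion
        if ! lint_commit "$new"; then
            echo "rejected: $PF_PATH at $new fails pfctl -n" >&2
            status=1
        fi
    done
    return $status
}

# Run the check only when installed as hooks/pre-receive.
case "$0" in
    */pre-receive|pre-receive) check_push; exit $? ;;
esac
```

This covers syntax only, as in the stated use case; whether the ruleset is valid for a specific machine is still a matter for the later on-host test.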