On Saturday 09 September 2006 17:59, Stuart Henderson wrote:
> On 2006/09/09 16:40, steve szmidt wrote:
> > I also added proper data to all table files to ensure it does not mess
> > things up. Though the persist command should allow for empty files.
>
> Do your tables actually load? Check pfctl -t tablename -Ts.
> If not, does pfctl -vvt tablename -Tr -f /path/to/file offer clues?

Yes, running fine.

> > pass out log on $WAN proto tcp from <managers> to <http-managers> port
> > $Web
>
> Remember the DNS lookup happens only when the rules are loaded.
> Is it acceptable to lose access to these sites when they change
> address? Also by listing names right in PF config or tables
> you're relying on working DNS to load the rules correctly.

Of course. But without DNS it does not work anyway...

> Consider whether using an http proxy might be a better choice...

True, proxy can be a good solution. But I still want to have the table working properly.

--
Steve Szmidt

"To enjoy the right of political self-government, men must be capable of personal self-government - the virtue of self-control. A people without decency cannot be secure in its liberty. From the Declaration Principles