On 2006/12/05 23:12, Joe Advisor wrote:
> Some of the things I am writing are like cumulative
> results from pfctl -vsq, so that I can track on a
> per queue address basis, how much traffic is going
> through that queue.

How about using a database of some kind? (not necessarily a full
separate RDBMS; db might be suitable, or SQLite may give more useful
options; /usr/ports/databases/sqlports/files/mksqlitedb shows how to
use it from Perl).

> In some other cases, I am rewriting pf.conf regularly
> because I am changing firewall rules as machines
> come on and come off the network.

One option may be to pipe the rules through 'pfctl -f -' and write
to disk periodically.

> I would also like the ability to fast reboot.

If you have filesystems which don't normally need to be RW, mount them
RO, then use 'mount -uw' when you need to make changes (and -ur
afterwards). A filesystem mounted RO at the time of an unclean reboot
needs no fsck. You might find this particularly useful for FS like /usr
and maybe /. A smaller RW filesystem with just a few files won't take
long to fsck. You'll have to decide what's acceptable and what
trade-offs to make.
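
The 'pfctl -f -' suggestion above as a sketch; this is an added example, not part of the original message. The paths in BASE, HOSTS and SAVED, the "address queue" host-list format and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep the live pf ruleset in memory, persist it only occasionally.
# BASE, HOSTS and SAVED are hypothetical paths chosen for this sketch.
BASE=${BASE:-/etc/pf.base}             # static part: macros, altq/queue definitions
HOSTS=${HOSTS:-/var/run/hosts.active}  # one "address queue" pair per line
SAVED=${SAVED:-/etc/pf.conf}           # on-disk copy, rewritten only by save_rules

# Constructed sample of the HOSTS format (the last two lines are invalid on purpose).
sample_hosts() {
    printf '%s\n' '# addr queue' '192.0.2.10 q_web' '192.0.2.11 q_mail' \
        '192.0.2.12;x q_web' '192.0.2.13 q-bad!'
}

# gen_rules: read "address queue" lines on stdin, emit one pass rule per valid
# line. Both fields are whitelisted so stray text never reaches the ruleset.
gen_rules() {
    while read -r addr queue; do
        case "$addr" in ''|'#'*) continue ;; esac
        case "$addr" in *[!0-9a-fA-F.:/]*) echo "skipped: $addr" >&2; continue ;; esac
        case "$queue" in ''|*[!A-Za-z0-9_]*) echo "skipped: $addr" >&2; continue ;; esac
        printf 'pass in quick from %s to any keep state queue %s\n' "$addr" "$queue"
    done
}

# full_rules: static base followed by the generated per-host rules.
full_rules() { cat "$BASE" && gen_rules < "$HOSTS"; }

# load_rules: parse-check first (-n loads nothing), then load from stdin.
load_rules() {
    rules=$(full_rules) || return 1
    printf '%s\n' "$rules" | pfctl -nf - || return 1
    printf '%s\n' "$rules" | pfctl -f -
}

# save_rules: rewrite SAVED only when the content changed, replacing it by rename.
save_rules() {
    tmp=$(mktemp "$SAVED.XXXXXX") || return 1
    full_rules > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$tmp" "$SAVED"; then rm -f "$tmp"; else mv "$tmp" "$SAVED"; fi
}
```

load_rules would run whenever a machine joins or leaves; save_rules can run from cron, wrapped in 'mount -uw' and 'mount -ur' if the filesystem holding SAVED is normally read-only.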