RJ45 <rj45 <at> slacknet.com> writes:

> Hello,
> I implemented an OpenBSD solution for a Soekris appliance.
> My problem is that I have a web portal there and I need
> a new pass rule for each client IP authenticating.
> Actually this was easy to do with Linux iptables,
> but how to do it with PF? Actually all the PF rules are
> in a file, and can be read from the file. This is far
> from being a dynamic system. Rules must first be deleted from the file
> and then reloaded with pfctl.
> My problem is, how can I remove a single PF rule without
> modifying a text file and reloading all the rules?
>
> thanks
>
> Rick
This seems like a job for tables: just use a table as the match for your pass rule and add and remove addresses from it. Look at sysutils/tabled in ports if you're manipulating this table from !root. If you really need individual pass rules, look at anchors, though adding and removing rules dynamically is a simple matter of programming (look at pf(4) for details). Failing that, you can also flush and reload your anchor ruleset (not your whole ruleset) with pfctl -a, though from your mail that doesn't seem to appeal. If the number of IPs you are passing on is large enough, a table is probably best.
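Added example, not from the thread, of the table approach the reply recommends: a small sh helper a portal backend could call to grant or revoke one client address, with the fixed pf.conf rules it assumes. The table name `authenticated`, the `$int_if` macro and the `PFCTL`/`PORTAL_TABLE` variables (the latter allowing a dry run without PF) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: grant/revoke portal clients by editing a
# PF table instead of rewriting pf.conf and reloading the whole ruleset.
#
# Assumed /etc/pf.conf fragment (table name and $int_if macro are our choice):
#   table <authenticated> persist
#   pass in quick on $int_if from <authenticated> to any keep state
#   block in log on $int_if from any to any
# The rules stay fixed; only the table contents change at runtime.

PFCTL="${PFCTL:-pfctl}"                 # set PFCTL=echo for a dry run
TABLE="${PORTAL_TABLE:-authenticated}"

# Accept only a plain dotted-quad IPv4 address. The portal passes us
# client-controlled input that becomes an argument to a root-run pfctl,
# so anything else (spaces, extra flags, hostnames, CIDR) is refused.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _oifs=$IFS; IFS=.
    set -- $1
    IFS=$_oifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] 2>/dev/null || return 1
    done
}

# Client authenticated: add its address to the table.
portal_allow() {
    valid_ipv4 "$1" || { echo "portal_allow: refusing '$1'" >&2; return 1; }
    "$PFCTL" -t "$TABLE" -T add "$1"
}

# Client logged out or session expired: remove the address, then kill the
# states it already holds; deleting the table entry alone only blocks
# new connections, existing flows would keep passing until they time out.
portal_revoke() {
    valid_ipv4 "$1" || { echo "portal_revoke: refusing '$1'" >&2; return 1; }
    "$PFCTL" -t "$TABLE" -T delete "$1" && "$PFCTL" -k "$1"
}

# List who currently has access.
portal_list() {
    "$PFCTL" -t "$TABLE" -T show
}
```

Run as root on the firewall with `. ./portal.sh; portal_allow 192.168.1.10`; with `PFCTL=echo` the functions only print the pfctl command lines they would run.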