I am wondering if it is possible to add filters/anchors with pfctl to a running instance of pf?
I have put an anchor option in my pf.conf, and I can add tables and filter rules to that OK. But suppose I had no anchor option in pf.conf; is there some way to add one with pfctl and insert rules and have them used? If so, I have not been able to figure it out. This is not critical by any means as it does work fine otherwise, but I am just trying to figure out if I am missing something, or it just doesn't work that way.
--As of July 7, 2009 8:56:34 AM -0400, Kevin Kobb is alleged to have said:
> Hello,
> I am wondering if it is possible to add filters/anchors with pfctl to a
> running instance of pf?
> I have put an anchor option in my pf.conf, and I can add tables and
> filter rules to that OK. But suppose I had no anchor option in pf.conf;
> is there some way to add one with pfctl and insert rules and have them
> used? If so, I have not been able to figure it out. This is not critical
> by any means as it does work fine otherwise, but I am just trying to
> figure out if I am missing something, or it just doesn't work that way.
--As for the rest, it is mine.
Well, you can always load a new rules file... But other than that or having an anchor, no. That's kinda the point of an anchor.
Daniel T. Staal
---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law.
---------------------------------------------------------------
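To make the reply concrete: the script below is an added example, not code from the thread, showing the two ways discussed. If pf.conf already declares an anchor, rules and tables can be pushed into that anchor at runtime with pfctl -a, without reloading the main ruleset; if there is no anchor, the only route is reloading the whole rules file. The anchor name "dyn", the interface em0, the table name "blocked" and the addresses are assumptions for the example. Setting DRY_RUN=1 prints what would be sent to pfctl instead of running it, so the script can be read on a host without pf.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes /etc/pf.conf already
# contains the line printed by pfconf_anchor_line; "dyn", em0 and "blocked"
# are hypothetical names chosen for the example.
set -e

ANCHOR="${ANCHOR:-dyn}"

# Run pfctl, or with DRY_RUN=1 print the command (and the rules it would read
# from stdin) so the script runs on a host without pf.
run_pfctl() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '# pfctl %s\n' "$*"
        case " $* " in *" -f - "*) cat ;; esac
        return 0
    fi
    pfctl "$@"
}

# The one line pf.conf must already contain: rules loaded into the anchor are
# only evaluated at the point where this line sits in the main ruleset, so its
# position (before or after the main pass/block rules) decides what it can
# override.
pfconf_anchor_line() {
    printf 'anchor "%s"\n' "$ANCHOR"
}

# Build the ruleset to push at runtime. The table is defined inside the
# anchor, so it is owned by the anchor and can be edited with pfctl -a ... -t.
# $1 = interface, remaining args = initial blocked source addresses.
dyn_rules() {
    ifc="$1"; shift
    list=""; sep=""
    for a in "$@"; do list="$list$sep$a"; sep=", "; done
    printf 'table <blocked> persist { %s }\n' "$list"
    printf 'block in quick on %s from <blocked> to any\n' "$ifc"
    printf 'pass in quick on %s proto tcp to any port 22\n' "$ifc"
}

# Load (or replace) the anchor's rules from stdin; the main ruleset and any
# other anchors are left untouched.
load_anchor() {
    dyn_rules "$@" | run_pfctl -a "$ANCHOR" -f -
}

# Add one address to the anchor's table without reloading anything.
block_addr() {
    run_pfctl -a "$ANCHOR" -t blocked -T add "$1"
}

# Show the rules currently loaded in the anchor.
show_anchor() {
    run_pfctl -a "$ANCHOR" -sr
}

# Flush only the anchor's rules, again without touching the main ruleset.
flush_anchor() {
    run_pfctl -a "$ANCHOR" -F rules
}

# With no anchor declared, the only option the reply leaves: reload the file.
reload_main() {
    run_pfctl -f /etc/pf.conf
}

# Stand-alone walk-through: `DRY_RUN=1 sh pf_anchor.sh demo`
if [ "${1:-}" = demo ]; then
    pfconf_anchor_line
    load_anchor em0 192.0.2.1 198.51.100.7
    block_addr 203.0.113.9
    show_anchor
fi
```

Two points worth checking before relying on this: `pfctl -a dyn -f -` replaces everything previously loaded into that anchor (it is not an append), and a `quick` rule inside the anchor only short-circuits evaluation if the `anchor "dyn"` line in pf.conf comes before the main rules you expect it to beat. Without DRY_RUN the commands need root, and the anchor line has to be in pf.conf and loaded first; otherwise the rules are accepted but never evaluated, which is exactly the situation the original question describes.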
Daniel Staal wrote:
> Well, you can always load a new rules file... But other than that or
> having an anchor, no. That's kinda the point of an anchor.
Pretty much what I figured. I only ask because with iptables it is possible to do this, and I am looking at something that was configured for that. However, it is easy enough to do what I want by adding an anchor first, and certainly not worth dealing with iptables ;)