Question about list, tables and pfctl
-
Hello everyone,
I've setup my infrastructure to push via RADIUS (which resides to a different VM) some rules to every user upon OpneVPN connection.
All works ok, however I've noticed an odd behavior with the command pfctl:If the rules pushed by RADIUS are too many, I see this output:
pfctl -a openvpn/firstname.lastname -sr
pass in quick on openvpn inet from any to <__automatic_41319fc_0> flags S/SA keep stateThis "automatic_41319fc_0" thingy should be a table, so then I perform:
pfctl -t automatic_41319fc_0 -T show
However oddly enough, this is what I get:
pfctl: Table does not exist.Could someone explain why is that?
-
Do you actually see those rules in /tmp/rules.debug?
-
@stephenw10 said in Question about list, tables and pfctl:
/tmp/rules.debug
Apparently I dont see anything related to these rules in this file.
What bothers me is that if I have only one rule or two I can see them with the pfctl command:pfctl -a openvpn/test1 -sr
pass in quick on openvpn inet from any to 192.168.2.0/24 flags S/SA keep stateWhat if I disable the mechanic by wich the rules are summarized? Provided I can / should...
-
Ah, I see now they are anchors so you would need to drill down to see the tables. So maybe:
pfctl -a openvpn/test1 -t automatic_41319fc_0 -T showThere is also a php shell script to drill down all tables:
pfSsh.php playback pftabledrillSteve
-
@stephenw10 said in Question about list, tables and pfctl:
pfctl -a openvpn/test1 -t automatic_41319fc_0 -T show
pfctl -a openvpn/test1 -t __automatic_41319fc_0 -T showdid it!!! thank you!!!
