Tables and Persistency ...


  • Rebel Alliance

    Hey guys,

    I created an Alias and referenced it to my filter rules, which in turn creates a Table that I can manipulate using
    e.g. "/sbin/pfctl -t TABLENAME -T add IPADDR".

    Unfortunately, the table seems to be flushed almost every 10 to 15 minutes - the contents vanish and
    it is reset to the IP address I put in there when I created the alias. So basically the table "recovers" its original content regularly, purging all modifications I did to it using pfctl.

    I also thought that maybe the built-ins like "bogons" or "snort2c" might be more persistent, but I can't reference them directly in the ruleset, which isn't helping either.

    Is there some feature or issue I miss that might provide me with a more "persistent" table that I can use in a ruleset and modify using pfctl at the same time?

    Thanks for your help <3

    Daniel



  • @creo

    Hello
    When you reload the rules, pfSense deletes all the contents of the tables and creates the tables again, then adds the contents of the aliases. Everything you added dynamically using pfctl is lost.

    I ran into such a problem and did the following:
    I wrote a small program that saves the contents of the tables to a file, and after reloading the rules restores the contents of the table.

    I added 2 lines to the file /etc/rc.filter_configure_sync
    to automate this process:

    ```php
    exec("/usr/local/tmp/table_manager -b");
    filter_configure_sync();
    exec("/usr/local/tmp/table_manager -r ");
    ```

    -b - backup table
    -r - restore table

    ```text
    Nov 16 19:10:49 171 ip addresses  successfully saved to file /usr/local/tmp/dns_parser/db/hbo.db
    Nov 16 19:10:49 26 ip addresses  successfully saved to file /usr/local/tmp/dns_parser/db/mos.db
    Nov 16 19:10:49 11 ip addresses  successfully saved to file /usr/local/tmp/dns_parser/db/molotov.db

    Nov 16 19:10:52 Found file /usr/local/tmp/dns_parser/db/hbo.db, restore table hbo_ip
    Nov 16 19:10:52 Successfully restored 170 ip-addresses
    Nov 16 19:10:52 Found file /usr/local/tmp/dns_parser/db/mos.db, restore table mos_ip
    Nov 16 19:10:52 Successfully restored 25 ip-addresses
    Nov 16 19:10:52 Found file /usr/local/tmp/dns_parser/db/molotov.db, restore table molotov_ip
    Nov 16 19:10:52 Successfully restored 10 ip-addresses
    ```

    Or you can install the shellcmd package
    and configure the system so that it runs the desired script after reloading the rules.



  • Rebel Alliance

    Thanks for your help, I really appreciate that.

    Scripting a workaround is something I considered, but I thought there might be "the right way" to do it - given that you point me at your solution, I guess there is not ;-)

    I will look into your solution <3
    Thank you!



  • @creo

    My solution is a program written in C that uses the PF ioctl interface:

    https://www.freebsd.org/cgi/man.cgi?query=pf&apropos=0&sektion=0&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html

    To restore the table:

    ```text
    DIOCRADDADDRS   Add one or more addresses to a table.
    ```

    To back up a table:

    ```text
    DIOCRGETADDRS   Get all the addresses of a table.
    ```
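    An added example, not @creo's table_manager and not pfSense's own code: the same `-b` / `-r` backup-and-restore cycle described two posts up, done with `pfctl -T show` and `pfctl -T add -f` instead of the DIOCRGETADDRS / DIOCRADDADDRS ioctls. The table name `dynamic_hosts` and the backup directory `/usr/local/tmp/pftables` are placeholders; `PFCTL` and `BACKUP_DIR` can be overridden from the environment. The backup directory is kept owner-only because whatever lands in it is re-injected into a live firewall table on the next restore.

    ```shell
    #!/bin/sh
    # Added example (hypothetical table_backup.sh). Wraps a pfSense rules reload
    # so that entries added to a table with "pfctl -T add" survive the reload.
    # Assumed: PFCTL and BACKUP_DIR below are placeholders, not pfSense defaults.
    set -u

    PFCTL="${PFCTL:-/sbin/pfctl}"
    BACKUP_DIR="${BACKUP_DIR:-/usr/local/tmp/pftables}"

    # backup_table TABLE
    # Dumps the live contents of TABLE to $BACKUP_DIR/TABLE.db and prints the
    # number of entries saved. The .db file is only replaced after the dump
    # succeeded, so a failed pfctl call cannot leave an empty backup behind.
    backup_table() {
        table="$1"
        mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
        tmp="$BACKUP_DIR/$table.db.tmp"
        if ! "$PFCTL" -t "$table" -T show > "$tmp" 2>/dev/null; then
            rm -f "$tmp"
            return 1
        fi
        # pfctl indents each entry; normalise to one address/network per line.
        sed 's/^[[:space:]]*//; /^$/d' "$tmp" > "$BACKUP_DIR/$table.db" || return 1
        rm -f "$tmp"
        wc -l < "$BACKUP_DIR/$table.db" | tr -d ' '
    }

    # restore_table TABLE
    # Re-adds the saved entries after the rules (and the alias contents) have
    # been reloaded. "-T add" ignores entries that already exist, so the
    # alias-provided addresses are not duplicated.
    restore_table() {
        table="$1"
        db="$BACKUP_DIR/$table.db"
        [ -s "$db" ] || return 1
        "$PFCTL" -t "$table" -T add -f "$db" >/dev/null 2>&1
    }

    # Usage mirrors the poster's flags:  table_backup.sh -b TABLE  /  -r TABLE
    # Call "-b" before filter_configure_sync() and "-r" after it.
    case "${1:-}" in
        -b) backup_table "$2" ;;
        -r) restore_table "$2" ;;
    esac
    ```

    Run `table_backup.sh -b dynamic_hosts` before the reload and `-r dynamic_hosts` after it, either from the two `exec()` lines shown earlier or from a shellcmd entry. Note that this only re-adds the addresses; entries you removed with `-T delete` before the reload come back from the alias, so the alias itself should hold only the entries you want to be permanent.
    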

  • Rebel Alliance

    Nice :) I'll have a look at that, since it's probably better than the pfctl approach, performance-wise.

