Tables and Persistency ...
I created an Alias and referenced it to my filter rules, which in turn creates a Table that I can manipulate using
e.g. "/sbin/pfctl -t TABLENAME -T add IPADDR".
Unfortunately, the table seems to be flushed almost every 10 to 15 minutes - the contents vanish and it is reset to the IP address I put in there when I created the alias. So basically the table "recovers" its original content regularly, purging all modifications I made to it using pfctl.
I also thought that maybe the built-ins like "bogons" or "snort2c" might be more persistent, but I can't reference them directly in the ruleset, which isn't helping either.
Is there some feature or issue I'm missing that might provide me with a more "persistent" table that I can use in a ruleset and modify using pfctl at the same time?
Thanks for your help <3
When you reload the rules, pfSense deletes all the contents of the tables, creates the tables again, and adds the contents of the aliases. Everything you added dynamically using pfctl is lost.
I ran into such a problem and did this:
I wrote a small program that saves the contents of the tables to a file, and after reloading the rules restores the contents of the tables.
I added 2 lines to the file /etc/rc.filter_configure_sync to automate this process:

exec("/usr/local/tmp/table_manager -b");
filter_configure_sync();
exec("/usr/local/tmp/table_manager -r");

-b - back up the table
-r - restore the table
Nov 16 19:10:49 171 ip addresses successfully saved to file /usr/local/tmp/dns_parser/db/hbo.db
Nov 16 19:10:49 26 ip addresses successfully saved to file /usr/local/tmp/dns_parser/db/mos.db
Nov 16 19:10:49 11 ip addresses successfully saved to file /usr/local/tmp/dns_parser/db/molotov.db
Nov 16 19:10:52 Found file /usr/local/tmp/dns_parser/db/hbo.db, restore table hbo_ip
Nov 16 19:10:52 Successfully restored 170 ip-addresses
Nov 16 19:10:52 Found file /usr/local/tmp/dns_parser/db/mos.db, restore table mos_ip
Nov 16 19:10:52 Successfully restored 25 ip-addresses
Nov 16 19:10:52 Found file /usr/local/tmp/dns_parser/db/molotov.db, restore table molotov_ip
Nov 16 19:10:52 Successfully restored 10 ip-addresses
Or you can install the shellcmd package and configure the system so that it runs the desired script after reloading the rules.
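A pfctl-based version of the same backup-and-restore hook, added here as an example for this thread (it is not the poster's table_manager program and uses pfctl rather than the PF ioctls). The backup directory, the table names and the CLI flags are assumptions; the script relies on "pfctl -T show" and "pfctl -T add -f FILE" only.

```shell
#!/bin/sh
# pf_table_snapshot.sh: save the live contents of pf tables before a ruleset
# reload and re-add them afterwards, so addresses added with "pfctl -T add"
# survive filter_configure_sync(). Added example, not the poster's code;
# paths and table names are assumptions.

PFCTL="${PFCTL:-/sbin/pfctl}"                   # overridable for testing
DB_DIR="${DB_DIR:-/usr/local/tmp/pf_tables}"    # assumed snapshot directory

# backup_table NAME: write one entry per line to $DB_DIR/NAME.db, print count.
# If pfctl fails (e.g. the table does not exist) the old snapshot is kept.
backup_table() {
    table="$1"
    mkdir -p "$DB_DIR"
    tmp="$DB_DIR/$table.db.tmp"
    if ! "$PFCTL" -t "$table" -T show > "$tmp" 2>/dev/null; then
        rm -f "$tmp"; echo 0; return 1
    fi
    # "-T show" indents each address/network; drop blank lines and indentation
    sed '/^[[:space:]]*$/d; s/^[[:space:]]*//' "$tmp" > "$DB_DIR/$table.db"
    rm -f "$tmp"
    wc -l < "$DB_DIR/$table.db" | tr -d ' '
}

# restore_table NAME: re-add the saved entries to the re-created table.
# "-T add -f" skips entries the alias already put back, so the result is the
# union of alias contents and snapshot. Prints the snapshot size, 0 if none.
restore_table() {
    table="$1"
    db="$DB_DIR/$table.db"
    [ -s "$db" ] || { echo 0; return 0; }
    "$PFCTL" -t "$table" -T add -f "$db" >/dev/null 2>&1
    wc -l < "$db" | tr -d ' '
}

# CLI: "-b TABLE..." before the reload, "-r TABLE..." after it.
case "${1:-}" in
    -b) shift; for t in "$@"; do
            logger -t pf_table_snapshot "saved $(backup_table "$t") entries of table $t"
        done ;;
    -r) shift; for t in "$@"; do
            logger -t pf_table_snapshot "restored $(restore_table "$t") entries to table $t"
        done ;;
esac
```

Because the restore uses "-T add", addresses you deleted by hand come back from the alias on every reload; "-T replace -f" would make the snapshot authoritative instead, at the cost of dropping alias entries that are not in the snapshot.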
Thanks for your help, I really appreciate that.
Scripting a workaround is something I considered, but I thought there might be "the right way" to do it - given that you are pointing me at your solution, I guess there is not ;-)
I will look into your solution <3
My solution is a program written in C that uses the PF ioctl interface.
To restore the table:
DIOCRADDADDRS - Add one or more addresses to a table.
To back up a table:
DIOCRGETADDRS - Get all the addresses of a table.
Nice :) I'll have a look at that, since it's probably better than the pfctl approach, performance-wise.