Pfctl
-
Hello,
I use pfctl to dynamically add rules.
Is there a risk that this doesn't add all rules?
(pfctl -sr; echo "pass XXX...") | pfctl -f -
Might it be better to do:
(cat /tmp/rules.debug; echo "pass XXX…") | pfctl -f -
??
-
The danger is at any time the pfSense ruleset could be reloaded and wipe out all your stuff.
Best thing might be to hack an anchor in filter.inc and then inject your rules into the anchor rather than into the main ruleset.
Or set up a normal rule that uses an alias to reference things rather than IPs and then use pfctl to manipulate the contents of the table.
-
I have to put my rules in /etc/inc/filter.inc?
Currently, I use an anchor to load rules.
pfctl -a userrules/mySubAnchor -f myFicOfRules
and it works fine and there is no danger that
at any time the pfSense ruleset could be reloaded and wipe out all your stuff
except rules don't appear in pfSense Web GUI.
Rules will appear in Web GUI if I alter filter.inc ?
PS: Sorry for my English and thank you for responding.
-
No, that will not make them show in the GUI.
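The approach recommended in the thread (keep custom rules in their own anchor and reference hosts through a table instead of literal IPs) can be put together in one script. The following is an added example, not code posted by anyone in the thread; the anchor name userrules/mySubAnchor is the one the asker used, while the table name restricted_hosts, the file /tmp/my_anchor.rules and the PFCTL override variable are assumptions. It syntax-checks the anchor file with pfctl -n before loading it, loads only into the anchor so the main pfSense ruleset is untouched, and edits table membership with pfctl -T so host changes never require reloading any rule.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: anchor userrules/mySubAnchor,
# table restricted_hosts, rules file /tmp/my_anchor.rules. PFCTL may be overridden
# to point at a different binary.
PFCTL="${PFCTL:-pfctl}"
ANCHOR="${ANCHOR:-userrules/mySubAnchor}"
TABLE="${TABLE:-restricted_hosts}"
RULES_FILE="${RULES_FILE:-/tmp/my_anchor.rules}"

# Print the anchor's ruleset to stdout. The table is declared 'persist' so it
# survives even when no rule references it; the rules name <table> rather than
# addresses, so the set of hosts can change without re-parsing the ruleset.
# Hosts in the table may only reach the listed TCP ports; everything else from
# them is blocked.
# Usage: build_anchor_rules TABLE [ALLOWED_TCP_PORT ...]
build_anchor_rules() {
    table="$1"; shift
    printf 'table <%s> persist\n' "$table"
    for port in "$@"; do
        printf 'pass in quick proto tcp from <%s> to any port %s\n' "$table" "$port"
    done
    printf 'block in quick from <%s> to any\n' "$table"
}

# Syntax-check, then load, a rules file into the anchor only; the main ruleset
# is never touched. Returns 2 if pfctl is unavailable, 1 if the file is missing
# or pf rejects it.
load_anchor() {
    anchor="$1"; file="$2"
    command -v "$PFCTL" >/dev/null 2>&1 || { echo "pfctl not found" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    "$PFCTL" -n -a "$anchor" -f "$file" || return 1   # -n: parse only, change nothing
    "$PFCTL" -a "$anchor" -f "$file" || return 1
}

# Change table membership inside the anchor without touching any rule.
# Usage: table_edit add|delete ADDR...
table_edit() {
    op="$1"; shift
    command -v "$PFCTL" >/dev/null 2>&1 || return 2
    "$PFCTL" -a "$ANCHOR" -t "$TABLE" -T "$op" "$@"
}

case "${1:-}" in
    build)      build_anchor_rules "$TABLE" 22 443 > "$RULES_FILE" && echo "wrote $RULES_FILE" ;;
    load)       load_anchor "$ANCHOR" "$RULES_FILE" ;;
    add|delete) table_edit "$@" ;;
    show)       "$PFCTL" -a "$ANCHOR" -sr; "$PFCTL" -a "$ANCHOR" -t "$TABLE" -T show ;;
    *)          : ;;   # no argument: only define the functions
esac
```

Typical use is `sh anchor.sh build` once, `sh anchor.sh load` after each edit of the rules file, and `sh anchor.sh add 192.0.2.10` (a constructed address) whenever a host should be added; `show` lists the anchor's rules and table contents. Because pfctl -a writes only to the named anchor, a reload of the main ruleset by pfSense does not wipe the rules, which is the point made earlier in the thread; as also noted there, rules loaded this way still do not appear in the web GUI.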