Srebrenko Sehic wrote:

On Thu, Jan 09, 2003 at 07:50:09PM +0100, Henning Brauer wrote:


pfctl does not support inserting rules on the fly and authpf needs that.
On the other hand, the overhead of having that would be too big.

hmmmm, things changed... authpf uses anchors now, that IS possible with
pfctl... hmmm.

Didn't know that. So, authpf can insert rules on the fly using anchors, but is
this possible with arbitrary applications? Say I want my snort box to insert
filter rules into pf, by sending a message (something like
'block 192.168.0.1')

There is a "table" feature that has just been committed to the kernel.
You can write in pf.conf:

 table <snortblacklist> persist
 block in from <snortblacklist> to any

And then, your snort box can do the following:
ssh firewall pfctl -t snortblacklist -Ta 192.168.0.1

Cedric
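A small wrapper for the snort side of what Cedric describes, added here as an example; it is not code from this thread or from the pf/authpf projects. It assumes the firewall is reachable as `firewall` over ssh and the table is named `snortblacklist` as in the reply above, uses `-T add` (the long form of the `-Ta` abbreviation), and makes the point the thread leaves implicit: the address comes from IDS output, so it is validated before it is spliced into a command line, otherwise anything the IDS emits ends up executed on the firewall. The `RUN=echo` knob is an assumption for dry runs.

```sh
#!/bin/sh
# Added example, not from the thread: push an IDS-reported address into the
# pf table <snortblacklist> on the firewall, as in the reply above.
# Assumed names: FIREWALL (ssh host), PF_TABLE (pf table), RUN (dry-run prefix).

FIREWALL="${FIREWALL:-firewall}"
PF_TABLE="${PF_TABLE:-snortblacklist}"

# Return 0 if $1 is a dotted-quad IPv4 address with four octets in 0-255,
# else 1. IDS output is untrusted input; never pass it to ssh unchecked.
validate_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and dots, no empty octet
    esac
    oldifs=$IFS; IFS=.
    set -- $addr                              # split on dots into $1..$n
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for oct in "$@"; do
        [ "${#oct}" -le 3 ] || return 1       # reject over-long octets like 0001
        [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# Print the pfctl command that adds $1 to the table; return 1 on bad input.
build_block_cmd() {
    validate_ipv4 "$1" || return 1
    printf 'pfctl -t %s -T add %s\n' "$PF_TABLE" "$1"
}

# Run that command on the firewall over ssh (RUN=echo prints it instead).
block_addr() {
    cmd=$(build_block_cmd "$1") || {
        echo "refusing to block malformed address: '$1'" >&2
        return 1
    }
    ${RUN:-} ssh "$FIREWALL" "$cmd"
}

# Usage: ./block.sh 192.168.0.1     (RUN=echo ./block.sh 192.168.0.1 to dry-run)
if [ "$#" -gt 0 ]; then
    block_addr "$1"
fi
```

Since the table was declared `persist` in pf.conf, entries added this way survive a `pfctl -f pf.conf` reload; removal is the same command with `-T delete`, and `pfctl -t snortblacklist -T show` lists what the IDS has pushed so far, which is worth checking before trusting an automated blocklist.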
