On Wed, 27 Jul 2016, [email protected] wrote:
> That solves my immediate need but I still would be interested in knowing
> how to save tables that have been altered through npfctl.

When I've needed something like this in the past, I've usually just written an 'rc' script to save the rules before rebooting. You can also use a cronjob-based script that compares the running ruleset with the stored ruleset. When there is a delta, it saves the running ruleset.

I think what a lot of folks expect (since it's the norm with Linux) is that there is a fairly obtuse command line tool for the actual add/drop/modify operations on a ruleset and a wrapper command that handles save/load/reload/stop operations for the filter-set globally as well as having some modes to "simplify" the rule syntax.

I personally don't consider that model optimal. I think the IP Filter (and so PF, and NPF) have the right idea (beautiful and easy to read syntax in a text file with solid binary tools for operational control) and the toolset is good. The only thing I'd add at this point would be modifications to the rc script that include some optional way to preserve the rules akin to what you are asking about. Perhaps there is some existing mechanism and I just don't know about it.

-Swift
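
The cron-based compare-and-save approach described in the message above, as an added example that is not part of the original post. It assumes `npfctl show` prints the active ruleset and `npfctl table NAME list` prints a table's entries; the storage directory, file names and the `TABLES` variable are hypothetical.

```shell
#!/bin/sh
# Added example: save the running NPF state only when it differs from the
# stored copy. Paths and table names below are placeholders (assumptions).

STORE_DIR="${STORE_DIR:-/var/db/npf-saved}"   # hypothetical storage directory
TABLES="${TABLES:-}"                          # space-separated table names to track

# Print the running ruleset plus the entries of each tracked table.
# Kept as its own function so the compare logic can be exercised without npfctl.
dump_running() {
    npfctl show || return 1
    for t in $TABLES; do
        echo "# table $t"
        npfctl table "$t" list || return 1
    done
}

# Returns 0 if a new copy was saved, 1 if unchanged, 2 if the dump failed.
save_if_changed() {
    stored="$STORE_DIR/running.txt"
    mkdir -p "$STORE_DIR" || return 2
    tmp=$(mktemp "$STORE_DIR/running.XXXXXX") || return 2
    # Never replace a good stored copy with a failed or empty dump.
    if ! dump_running > "$tmp" 2>/dev/null || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 2
    fi
    if [ -f "$stored" ] && cmp -s "$tmp" "$stored"; then
        rm -f "$tmp"
        return 1
    fi
    # Keep the previous copy so an unexpected change can be reviewed later.
    if [ -f "$stored" ]; then
        cp -p "$stored" "$stored.prev"
    fi
    # Rename within one directory, so readers never see a partial file.
    mv "$tmp" "$stored"
    return 0
}

# Invoked from cron as: /path/to/this-script run
case "${1:-}" in
    run) save_if_changed ;;
esac
```

The `.prev` copy also gives a simple audit trail: diffing it against `running.txt` shows exactly what changed in the filter between two cron runs.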
