Chet Burgess wrote:
This is sort of a repost of my question from 8/9 about ippools that
never got solved. I just now got around to looking into this again as
I have an immediate need to make it work.

I saw your email at the time and it started me thinking about the problem...so it wasn't wasted.

The problem I am having is that while I can create ippool.conf, define
a simple table, and then load it and use it, I cannot change a pool,
or remove it using "ipfboot reload"

understood.

As an example if I define the following in ipf.conf

block return-rst in log quick proto tcp from pool/100 to any port = 25

and the following in ippool.conf

table role = ipf type = tree number = 100
        { 128.125.10.28/32; };

and then start ipf, there are no problems and things work.

ex.
[EMAIL PROTECTED] ipf]# ipfstat -io
empty list for ipfilter(out)
block return-rst in log quick proto tcp from pool/100 to any port = smtp

[EMAIL PROTECTED] ipf]# ippool -l
table role = ipf type = tree number = 100
        { 128.125.10.28/32 };


However if I then try to add an IP address to that pool such as
128.125.253.108 and then run "reload" the pool will not be
updated. The problem seems to come from the ippool -f <FILE> portions
of the reload command.

My advice is to do the addition in two parts:
1) update the file on disk
2) run the ippool command to update the kernel without loading the file.

...
[EMAIL PROTECTED] ipf]# ippool -f ippool.conf
load_pool:SIOCLOOKUPADDTABLE: File exists
[EMAIL PROTECTED] ipf]#

What would you prefer to happen here?

Or should there be a flag used here to ignore this error?
e.g.
ippool -f ippool.conf -u
- if a pool exists, ignore the "already exists" error
- if an address already exists in a pool, ignore it
afterwards, retrieve pools from the kernel and
- delete addresses from the kernel no longer in the file
- delete pools no longer in the file

sound reasonable?

Darren
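To make the proposed reconciliation concrete, here is an added Python example (not code from the thread or from ipfilter) that parses the table syntax shown above, from both ippool.conf and `ippool -l` output, and computes the pool/address add and delete sets that the proposed `-u` behaviour would apply. The sample texts are constructed: the file already contains 128.125.253.108, and the kernel listing carries an invented stale pool 101; the example only computes the diff and does not run ippool, since the thread gives no flags for applying it.

```python
import re
from typing import Dict, Set, Tuple

# One table block, in the ippool.conf form shown in the thread
#   table role = ipf type = tree number = 100 { 128.125.10.28/32; };
# or the `ippool -l` form, which drops the per-address semicolon.
TABLE_RE = re.compile(
    r"table\s+role\s*=\s*(\w+)\s+type\s*=\s*(\w+)\s+number\s*=\s*(\d+)"
    r"\s*\{([^}]*)\}"
)

Pools = Dict[Tuple[str, str, int], Set[str]]  # (role, type, number) -> CIDRs

def parse_pools(text: str) -> Pools:
    """Parse every table definition in text into a {pool_key: {cidr}} map."""
    pools: Pools = {}
    for role, ptype, number, body in TABLE_RE.findall(text):
        entries = {e for e in re.split(r"[\s;]+", body) if e}
        pools.setdefault((role, ptype, int(number)), set()).update(entries)
    return pools

def reconcile(wanted: Pools, current: Pools):
    """Return (pools_to_add, pools_to_delete, addrs_to_add, addrs_to_delete)
    so that applying them makes the kernel (current) match the file (wanted).
    The address maps are {pool_key: {cidr, ...}}; nothing is applied here."""
    pools_to_add = {k: wanted[k] for k in wanted if k not in current}
    pools_to_delete = set(current) - set(wanted)
    addrs_to_add, addrs_to_delete = {}, {}
    for k in wanted.keys() & current.keys():
        if wanted[k] - current[k]:
            addrs_to_add[k] = wanted[k] - current[k]
        if current[k] - wanted[k]:
            addrs_to_delete[k] = current[k] - wanted[k]
    return pools_to_add, pools_to_delete, addrs_to_add, addrs_to_delete

# Constructed sample: the file after adding 128.125.253.108, and a kernel
# listing that still has the old pool 100 plus a stale pool 101 (invented).
FILE_TEXT = """table role = ipf type = tree number = 100
        { 128.125.10.28/32; 128.125.253.108/32; };
"""
KERNEL_TEXT = """table role = ipf type = tree number = 100
        { 128.125.10.28/32 };
table role = ipf type = tree number = 101
        { 10.0.0.0/8 };
"""

if __name__ == "__main__":
    print(reconcile(parse_pools(FILE_TEXT), parse_pools(KERNEL_TEXT)))
```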