Roy Morris wrote:
I would like to be able to add/remove a rule from
the command line on those systems which
may have only a RAM drive and/or read-only
pf.conf. Anyone know how to do it, or would
you need to create a new pf.conf in memory
someplace and then load it?
Thanks
Roy
Try describing your ruleset in memory using <insert favorite scripting
language constructs>. From that meta-data you could create the actual
ruleset in a syntax that pf understands.

    pfctl -s all | your_script -read
    # add /remove rules
    # add /remove rules
    # add /remove rules
    ...
    ...
    your_script -write | pfctl -F all -f -

Since order matters, you would need to recreate the entire ruleset from
your meta-data every time a rule was added/deleted, then reload it using
pfctl.
Not exactly a simple solution, but the only one my sleep-deprived brain
came up with at the moment.
Check out the man pages for pfctl, etc. They might inspire an easier solution.
-Keith
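
The read/edit/reload cycle suggested in the reply, as an added shell example that is not part of the original thread. The function names are hypothetical and the rules in the usage comments are constructed. It assumes the output of `pfctl -sr` reloads cleanly on the system in question; that output is the expanded ruleset, so macros from the original pf.conf do not survive the round trip.

```shell
#!/bin/sh
# Added example: edit a pf ruleset held in memory, one rule per line.
# Function names are hypothetical; sample rules in the usage are constructed.

# remove_rule RULE: copy stdin to stdout, dropping every line equal to RULE.
# RULE must be spelled exactly as `pfctl -sr` prints it.
remove_rule() {
    grep -Fxv -- "$1" || true   # grep exits 1 when no line is left; not an error
}

# insert_rule POS RULE: put RULE before line POS (1-based), because pf
# evaluates rules in order. If there is no line POS, RULE is appended.
insert_rule() {
    case "$1" in
        ''|*[!0-9]*) echo "insert_rule: POS must be a number" >&2; return 2 ;;
    esac
    RULE="$2" awk -v pos="$1" '
        NR == pos { print ENVIRON["RULE"]; done = 1 }
        { print }
        END { if (!done) print ENVIRON["RULE"] }'
}

# reload_rules: read the edited ruleset on stdin, check it, then load it.
reload_rules() {
    new=$(cat)
    # An empty ruleset would load cleanly and leave pf with no filter rules.
    [ -n "$new" ] || { echo "reload_rules: empty ruleset, not loading" >&2; return 1; }
    printf '%s\n' "$new" | pfctl -nf - || return 1   # -n: parse only, load nothing
    printf '%s\n' "$new" | pfctl -f -                # replace the active ruleset
}

# Usage on the firewall, as root (nothing is written to disk):
#   pfctl -sr | insert_rule 1 'block drop in quick on em0 from 192.0.2.10 to any' | reload_rules
#   pfctl -sr | remove_rule 'block drop in quick on em0 from 192.0.2.10 to any' | reload_rules
```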