> On Sep 4, 2020, at 12:03 PM, Tommy Nevtelen <to...@nevtelen.com> wrote:
>
> On 04/09/2020 17.40, Brian Brombacher wrote:
>>>> On Sep 4, 2020, at 11:28 AM, Brian Brombacher <br...@planetunix.net> wrote:
>>>
>>>
>>>> On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen <to...@nevtelen.com> wrote:
>>>>
>>>> Hi there misc!
>>>>
>>>> Is there an external pfctl linter? We have a bunch of pf firewalls for which we
>>>> generate rules but also write some manual ones that get merged. Would be
>>>> nice if we could lint the rules before they are committed to VCS. (yes we test
>>>> before they are applied on the machines as well but that is way too late
>>>> in a sane pipeline imho)
>> Sane pipeline... :)
>>
>> Developer machine: can that securely run pfctl -n? Linter is great... but
>> there’s a ton more involved.
>
> Don't get too caught up on my wording :)
>
> What is the ton that would be involved?
>
> It would be to catch the most stupid typo/syntax issues not to check if the
> full config is valid on a specific machine.
>
> My more exact use case would be a pre-receive hook or a check before merging
> to the production branch.
>
Well, let’s say a Linter doesn’t exist and you can’t invest time to make one.
Do you have a lower environment, mirror-exact ideally, to run tests on the
pre-receive hook?
It’s an interesting issue you’re trying to solve ;)
>
> /T
>
>
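Added example, not code from the thread or from the pf project: one way to get the "catch the most stupid typo/syntax issues" check into a pre-receive hook. `pf_quick_check` is a cheap, pfctl-free pre-check (balanced braces, every top-level line starts with a known rule keyword or is a macro definition) that can run on any box the hook lands on; `pf_lint_ref` wraps it for a pushed range and also runs `pfctl -nf` when pfctl is present, which remains the real syntax authority. Assumptions: rule files end in `.conf` or `.pf`, the keyword list (OpenBSD plus FreeBSD rule-starting words) is conservative and may need tuning, `#` inside quoted strings is not handled, and the sample rules at the bottom are constructed for the demo.

```shell
#!/bin/sh
# pf_quick_check FILE: exit 0 if the cheap checks pass, 1 otherwise.
# Checks: { } balanced across the file; each top-level logical line
# (depth 0, not a backslash continuation, not blank/comment, not a
# "name = value" macro) starts with a known pf.conf keyword.
pf_quick_check() {
    awk '
    BEGIN {
        # Assumed keyword list: OpenBSD and FreeBSD rule-starting words.
        split("pass block match set scrub table anchor load include queue " \
              "antispoof nat rdr binat nat-anchor rdr-anchor binat-anchor altq", k, " ")
        for (i in k) kw[k[i]] = 1
        depth = 0; cont = 0; bad = 0
    }
    {
        line = $0
        sub(/#.*/, "", line)                 # strip comments (not string-aware)
        if (line ~ /^[ \t]*$/) next          # blank after stripping: nothing to check
        if (depth == 0 && !cont) {
            match(line, /[^ \t]+/)
            first = substr(line, RSTART, RLENGTH)
            if (line !~ /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ && !(first in kw)) {
                printf "%s:%d: unknown rule keyword \"%s\"\n", FILENAME, NR, first
                bad = 1
            }
        }
        opened = gsub(/[{]/, "{", line)      # gsub returns the match count
        closed = gsub(/[}]/, "}", line)
        depth += opened - closed
        if (depth < 0) {
            printf "%s:%d: unexpected }\n", FILENAME, NR; bad = 1; depth = 0
        }
        cont = (line ~ /\\[ \t]*$/)          # line continues on the next one
    }
    END {
        if (depth > 0) { printf "%s: %d unclosed {\n", FILENAME, depth; bad = 1 }
        exit bad
    }' "$1"
}

# pf_lint_ref OLD NEW: check every rule file changed between two commits.
# For a pre-receive hook: while read old new ref; do pf_lint_ref "$old" "$new" || exit 1; done
# (a brand-new branch arrives with an all-zero OLD; handle that before calling, assumption).
pf_lint_ref() {
    old=$1; new=$2; rc=0
    for f in $(git diff --name-only "$old" "$new" -- '*.conf' '*.pf'); do
        echo "== $f"
        t=$(mktemp)
        git show "$new:$f" > "$t"
        pf_quick_check "$t" || rc=1
        # Real parse when pfctl is available; -n parses without loading rules.
        if command -v pfctl >/dev/null 2>&1; then
            pfctl -nf "$t" || rc=1
        fi
        rm -f "$t"
    done
    return $rc
}

# Demo on constructed rule files (not real firewall configuration).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
ext_if = "em0"
table <admins> persist {
  192.0.2.10
}
set skip on lo
block all
pass in quick on $ext_if proto tcp from <admins> to ($ext_if) port 22 \
    keep state
EOF
cat > "$demo_dir/bad.conf" <<'EOF'
pas in on em0
table <x> { 10.0.0.1
EOF
pf_quick_check "$demo_dir/good.conf" && echo "good.conf: ok"
pf_quick_check "$demo_dir/bad.conf" || echo "bad.conf: rejected (expected)"
rm -rf "$demo_dir"
```

Because the generated and hand-written rules are merged before loading, lint the merged result rather than the fragments: `pfctl -nf` on a fragment that uses a macro defined elsewhere will fail for the wrong reason, while the quick check above is happy to run on either.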