On Thu, 11 Nov 2010, Tor Houghton wrote:

> From: Tor Houghton <t...@bogus.net>
> To: Ryan McBride <mcbr...@openbsd.org>
> Cc: misc@openbsd.org
> Date: Thu, 11 Nov 2010 11:06:25
> Subject: Re: (Perhaps?) dumb pf question relating to tables
> X-Spam-Score: 0.0 (/)
>
> On Thu, Nov 11, 2010 at 05:32:27PM +0900, Ryan McBride wrote:
> > On Wed, Nov 10, 2010 at 01:45:16PM +0100, Tor Houghton wrote:
> > > May I ask whether or not "per user" ownership (or permission to update) a
> > > table is/will be possible?
> > >
> > > I am pondering the best mechanism for a non-root process to add/remove
> > > addresses to a table.
> >
> > You can look at sysutils/tabled in ports, which provides this
> > functionality (permissions would be controlled by the filesystem
> > permissions on the fifo)
> >
> > I don't think we'll be making /dev/pf accessible by non-root processes
> > any time soon.
>
> This looks exactly like what I need.

You could also use pftabled from:

http://www.wolfermann.org/pftabled.html

although it's mainly intended for keeping table(s) in step across
co-operating hosts. Access is controlled by knowing a HMAC-SHA1
keyed hash. Make this small change to get it to build on OpenBSD 4.8:

--- Makefile.in.orig Wed Feb 4 11:09:33 2009 +++ Makefile.in Thu Nov 11 11:28:31 2010 @@ -27,7 +27,7 @@ ${CC} ${LDFLAGS} -o $@ ${SERVEROBJS} ${LIBS} pftabled.cat1: pftabled.1 - nroff -Tascii -man pftabled.1 > pftabled.cat1 + mandoc -Tascii -mandoc pftabled.1 > pftabled.cat1 pftabled-client: ${CLIENTOBJS} ${CC} ${LDFLAGS} -o $@ ${CLIENTOBJS} ${LIBS}

-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk Phone: +44 1225 386101
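Review bot: the `+` line in the pftabled.cat1 rule hard-codes mandoc in Makefile.in, the template the Makefile is generated from, so the rule will fail on any system where mandoc is not installed, while the stated goal is only to get the build working on OpenBSD 4.8. Consider introducing a make variable for the formatter (defaulting to nroff and overridable by configure or on the make command line) rather than replacing the command outright. The same line also changes the macro flag from -man to -mandoc; if that change is required rather than incidental, it is worth saying so alongside the patch.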