On Thu, Jan 09, 2003 at 07:50:09PM +0100, Henning Brauer wrote:
> > pfctl does not support inserting rules on the fly and authpf needs that.
> > On the other hand, the overhead of having that would be too big.
>
> hmmmm, things changed... authpf uses anchors now, that IS possible with
> pfctl... hmmm.
Didn't know that. So, authpf can insert rules on the fly using anchors, but is this possible with arbitrary applications? Say I want my snort box to insert filter rules into pf, by sending a message (something like 'block 192.168.0.1') to a daemon running on my pf fw and have the daemon translate that into rules which can be added to the filter/anchor.

I guess the answer is yes. Write an authpf-like daemon (with a remote interface) and let it do the job.

Oh, this brings us back to the original issue. It would be hell to maintain. No? Is there a better/nicer way?

// haver
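One way to do what haver describes, as an added example that is not from the thread, from authpf or from the pf project: a small shell layer that turns a 'block <ip>' message into a pf rule and loads it into an anchor with pfctl. The anchor name `snortblock`, the rule form and the `pfctl -a <anchor> -f -` invocation are assumptions; the point is that the daemon validates the message before anything reaches pfctl, otherwise the remote interface becomes a way to load arbitrary rules into the firewall.

```shell
#!/bin/sh
# Added example (not from the thread): translate a "block <ip>" message
# into a pf rule and load it into a named anchor with pfctl.
# Assumes the main pf.conf references the anchor:   anchor "snortblock"
# and that pfctl accepts "-a <anchor> -f -" (rules read from stdin).

ANCHOR="snortblock"

# is_ipv4: accept only a dotted-quad address. Anything else (spaces,
# keywords such as "any"/"all", rule syntax) is rejected, so a malformed
# or hostile message cannot smuggle its own rule into the anchor.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # exactly four octets, each 0..255
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# build_rule: turn a message of the form "block <ip>" into a single pf
# rule on stdout, or print nothing and fail if the message is not understood.
build_rule() {
    cmd=${1%% *}           # first word of the message
    arg=${1#* }            # everything after the first space
    [ "$cmd" = "block" ] && [ "$arg" != "$1" ] || return 1
    is_ipv4 "$arg" || return 1
    printf 'block in quick from %s to any\n' "$arg"
}

# apply_rule: load the validated rule into the anchor. pfctl replaces the
# anchor's whole ruleset on each load, so a daemon that accumulates
# addresses would keep its own list and feed all of them in one go.
apply_rule() {
    rule=$(build_rule "$1") || { echo "rejected: $1" >&2; return 1; }
    printf '%s\n' "$rule" | pfctl -a "$ANCHOR" -f -
}

# Constructed example message, as a snort box might send it:
# apply_rule "block 192.168.0.1"
```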