Albert Shih <[EMAIL PROTECTED]> writes: > The purpose is to open (inside --> outside) my subnet for making update > during the nigth (between 34 am) and after update I'm close everything
You could use anchors I suppose, or if it's simply a matter of opening a specified set of ports for traffic to specified hosts elsewhere, you could write your rule set to pass the required services to or from members of a table, which you then fill with IP addresses, run the required commands, then empty the table. I have something hinting at how to do this in the PF tutorial at http://home.nuug.no/~peter/pf/, specifically http://home.nuug.no/~peter/pf/en/tables.html, and of course man pfctl is your dearest friend :) -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales" 20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds
