On Tue, 20 Oct 2015 01:08:42 -0600
Devin Reade wrote:
>
>
> > On Oct 19, 2015, at 18:26, Karl O. Pinc wrote:
>
> > But if you write DNS names into your pf.conf
> > file then step 2 can be eliminated. All
> > that's required is to reload the rules.
> >
> > Eliminating an extra editing step r
> On Oct 19, 2015, at 18:26, Karl O. Pinc wrote:
> But if you write DNS names into your pf.conf
> file then step 2 can be eliminated. All
> that's required is to reload the rules.
>
> Eliminating an extra editing step reduces
> error.
Unless of course your DNS is on your LAN and after a major p
On 10/19/2015 8:26 PM, Karl O. Pinc wrote:
> But if you write DNS names into your pf.conf
> file then step 2 can be eliminated. All
> that's required is to reload the rules.
How often do you re-query DNS to update and reload the rules? What do
you do in the case of multiple A records, or a CDN? I
On Mon, 19 Oct 2015 12:47:46 -0600
Theo de Raadt wrote:
> > > The supplied patch allows the rc.conf(8) pf
> > > variable to be set to MINIMAL (in addition to
> > > the current YES and NO). A setting of MINIMAL
> > > loads the rc(8) default pf ruleset and enables
> > > pf. MINIMAL means that rc(
> > The supplied patch allows the rc.conf(8) pf
> > variable to be set to MINIMAL (in addition to
> > the current YES and NO). A setting of MINIMAL
> > loads the rc(8) default pf ruleset and enables
> > pf. MINIMAL means that rc(8) does not load
> > /etc/pf.conf. Any loading of /etc/pf.conf
> >
Well, since there's no attachments,
I am including the patches inline.
On Mon, 19 Oct 2015 10:27:16 -0500
"Karl O. Pinc" wrote:
> Attached are 3 patches to -current for your
> consideration. Apply with:
>
> cd /usr/src
> patch -p1 ...
>
> The first, expose-default-pf-rules.patch, lets
> t
Hello,
Attached are 3 patches to -current for your
consideration. Apply with:
cd /usr/src
patch -p1 ...
The first, expose-default-pf-rules.patch, lets
the sysadm use the rc(8) constructed default pf
ruleset. This ability was, in a sense,
compromised when 5.8 eliminated the pf_rules
variabl
7 matches