Re: deleting a rule

2006-07-19 Thread Camiel Dobbelaar
On Wed, 19 Jul 2006, Rajkumar S. wrote:
> PS: I still would love to see an example program to use pf ioctl, or some
> documentation, now just for academic purpose. pfctl is a bit complex, especially
> when it gets to the parse.y and because it uses pfctl structure for most of
> the data.
/usr/src/

Re: deleting a rule

2006-07-19 Thread Rajkumar S.
Quoting Daniel Hartmeier <[EMAIL PROTECTED]>: Why don't you create sub-anchors, one for each single rule? Brilliant!! Thanks a lot! This is what I want! raj PS: I still would love to see an example program to use pf ioctl, or some documentation, now just for academic purpose. pfctl is a bit

Re: deleting a rule

2006-07-19 Thread Daniel Hartmeier
On Wed, Jul 19, 2006 at 01:35:51PM +0530, Rajkumar S. wrote:
> And these rules are dynamic, i.e., the rule one might be for 10 minutes
> and after which it needs to be deleted.
>
> The current way is to flush the anchor and then load the anchor with
> all the rules except the one deleted.
It is

deleting a rule

2006-07-19 Thread Rajkumar S.
Hi, I am trying to do a pf plugin for snortsam, that requires a function to add and delete rules, much like iptables -A and -D. I am using FreeBSD 6.1. There is already a pf plugin in snortsam which defines an anchor and puts the following rules inside it. table persist table persist bl

Re: pf "default deny" compile-time option?

2006-07-19 Thread Peter N. M. Hansteen
Damien Miller <[EMAIL PROTECTED]> writes:
> Mismatches between pfctl and the kernel happen on -current from time to
> time, and I think being locked out is better than falling back to permit
> all...
.. if you have physical access to the machine in question. Then again, if you run -current on