Hello, Niklaas.

Can you try something like
exec.poststart = "/bin/sh /path/to/pf-config.sh $name $private_ip4 $private_ip6"

where pf-config.sh contains
#!/bin/sh
# $1 = jail name, $2 = jail IPv4, $3 = jail IPv6 (from jail.conf: $name $private_ip4 $private_ip6); pfctl needs one rule per line, so use printf rather than a single echo
printf 'rdr pass on vtnet0 inet proto { udp tcp } to vtnet0 port domain -> %s\nrdr pass on vtnet0 inet6 proto { udp tcp } to vtnet0 port domain -> %s\n' "$2" "$3" | pfctl -a "jails/$1" -Nf -


26.05.2016 14:46, Niklaas Baudet von Gersdorff wrote:
Niklaas Baudet von Gersdorff [2016-05-18 09:24 +0200]:

[...]
Initially, I only used the `-f -` flags for pfctl (instead of `-mf -`) and
realised that making changes to the anchor overrides existing rules. So
I read pfctl(8) where it says

      -m      Merge in explicitly given options without resetting those
      which are omitted.  Allows single options to be modified without
      disturbing the others:

         # echo "set loginterface fxp0" | pfctl -mf -

So I thought that adding `-m` to the rule in the second `exec.poststart`
will include (instead of replace) the rules into the anchor. But this is
not the case. What am I doing wrong? Do I misunderstand `-m`?

I clearly misunderstood -m. It says that it merges "given *options*
without resetting those which are omitted" i.e., options and not rules.
No wonder that it's not working.

I will recheck pfctl(8), but I assume that there is no other way than
inserting the rules in question in a one-liner -- or using different
anchors like jails/$name-ipv4 and jails/$name-ipv6.

     Niklaas

_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"