On Tue, Jul 18, 2006 at 01:37:52PM +0200, Mackan wrote:
> >> 4) same php script generates a new ruleset for pf
> >> 5) pf detect changes and reload new ruleset
> >> Step 1 - 4 is already done.  I need help with step 5.
> > You know pfctl(8)?
> Yes. But how do I make apache/php execute the pfctl program
> or signal to pfctl to reload?
> Apache is chroot and run by www, and pfctl lives outside
> chroot and must be run as root.

Maybe you can code a little daemon which, running outside of the chroot,
would wait on a Unix(4) socket(2) to know when the rules have to be
reloaded. The socket entry in the filesystem would lie in the chrooted
tree so that one script run by the webserver would be able to write to
it.

-- 
Olivier Mehani <[EMAIL PROTECTED]>
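
A sketch of the daemon suggested in the reply above, added here as an example and not code from the thread. The socket path, ruleset path, group name and rate limit are assumptions; the daemon runs as root outside the chroot and treats any datagram purely as a trigger.

```python
import grp, os, socket, subprocess, time

# Assumed names, not from the original post:
SOCK_PATH = "/var/www/run/pfreload.sock"  # inside Apache's chroot tree
RULESET = "/var/www/conf/pf.generated"    # file the PHP script writes
MIN_INTERVAL = 5.0                        # seconds between reloads

def reload_rules(ruleset=RULESET, run=subprocess.run):
    """Parse-check the ruleset with pfctl -n; load it only if that passes."""
    if run(["/sbin/pfctl", "-n", "-f", ruleset]).returncode != 0:
        return "rejected"                 # live ruleset is left untouched
    if run(["/sbin/pfctl", "-f", ruleset]).returncode != 0:
        return "failed"
    return "loaded"

def make_socket(path=SOCK_PATH, gid=None):
    """Bind a datagram socket whose filesystem entry the web user can write."""
    if os.path.exists(path):
        os.unlink(path)                   # remove a stale entry from a prior run
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    if gid is not None:
        os.chown(path, 0, gid)            # root owns it, web group may send
    os.chmod(path, 0o620)
    return sock

def serve_once(sock, last, reload=reload_rules, clock=time.monotonic):
    """Wait for one trigger; its payload is discarded, never interpreted."""
    sock.recv(1)
    now = clock()
    if now - last < MIN_INTERVAL:
        return "throttled", last          # cap how often www can force a reload
    return reload(), now

def main():
    sock = make_socket(gid=grp.getgrnam("www").gr_gid)  # group name assumed
    last = -MIN_INTERVAL
    while True:
        status, last = serve_once(sock, last)
        print("pf reload:", status, flush=True)

if __name__ == "__main__":
    main()
```

The pfctl -n pass only catches rulesets that fail to parse. The ruleset file is still written by the www user, so the daemon loads whatever valid rules that user produces.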
