On Fri, Jul 25, 2008 at 11:38:40PM +0200, openbsd misc wrote:
| Hehe, I knew I'd get this reply. ;-) The question was which configuration is
| active, not what will be activated by pfctl -f /etc/pf.conf, that's the
| difference.
| I think that could help some people in multi-admin environments ;-)

If you can't organize a proper way to keep loaded rules and rulefile
in sync, you may want to have a talk with the other admins.

Given that, you may want to create a script that does exactly what you
want. It's OpenBSD. It's open source, the tools are there, you can see
how this stuff works, you know what you want - create what you need by
yourself. A simple script that copies your pf.conf to
/var/whatever/last.loaded is just a few keystrokes away.

Cheers,

Paul 'WEiRD' de Weerd

| Regards
| Hagen Volpers
|
|
| > -----Original Message-----
| > From: Paul de Weerd [mailto:[EMAIL PROTECTED]
| > Sent: Friday, 25 July 2008 22:37
| > To: openbsd misc
| > Cc: misc@openbsd.org
| > Subject: Re: pfctl
| >
| > On Fri, Jul 25, 2008 at 10:16:21PM +0200, openbsd misc wrote:
| > | Hi,
| > |
| > | interesting point. How about dumping it to a file or something so you are
| > | able to check what was loaded last time (e.g. a file with 400 under
| > | /var/whatever)?
| >
| > GREAT IDEA !
| >
| > How about /etc/pf.conf ?
| >
| > Cheers !
| >
| > Paul 'WEiRD' de Weerd
| >
| > | Regards
| > | Hagen Volpers
| > |
| > |
| > | > -----Original Message-----
| > | > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
| > | > On behalf of Stuart Henderson
| > | > Sent: Friday, 25 July 2008 17:15
| > | > To: Charlie Clark
| > | > Cc: misc@openbsd.org
| > | > Subject: Re: pfctl
| > | >
| > | > On 2008/07/25 14:53, Charlie Clark wrote:
| > | > > Stuart Henderson wrote:
| > | > >> On 2008-07-25, Charlie Clark <[EMAIL PROTECTED]> wrote:
| > | > >>
| > | > >>> Hi,
| > | > >>>
| > | > >>> I have noticed that you are unable to view the currently loaded
| > | > >>> options for pf using pfctl, even 'pfctl -sa' doesn't show the
| > | > >>> options eg. set skip on tun0.
| > | > >>> Is this going to be implemented soon or is it there and I'm missing
| > | > >>> something?
| > | > >>>
| > | > >>> Regards,
| > | > >>>
| > | > >>>
| > | > >>
| > | > >> Someone asked about this recently.
| > | > >> http://marc.info/?l=openbsd-misc&w=2&r=1&s=set+skip+pfctl&q=b
| > | > >>
| > | > >>
| > | > >>
| > | > > Yes sorry I posted this by accident, I still haven't got a valid
| > | > > solution for this though.
| > | >
| > | > "set XX" options are a mix of directives to pf and to pfctl,
| > | > the pfctl directives don't get stored anywhere so you can't
| > | > retrieve them later. The ones affecting pf are available but
| > | > in a different format.
| > |
| >
| > --
| > >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
| > +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
| > http://www.weirdnet.nl/
|

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
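
The script suggested in the reply above, as an added example that is not part of the original thread: a wrapper that loads the ruleset and, only if pfctl accepts it, keeps a mode-400 copy, plus a check for drift between the rule file and the last loaded copy. The names PFCTL, PF_CONF, PF_SNAP, pf_load and pf_drift are assumptions, and /var/whatever/last.loaded is the placeholder path used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). All names below are assumptions and
# can be overridden from the environment.
PFCTL="${PFCTL:-pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"
PF_SNAP="${PF_SNAP:-/var/whatever/last.loaded}"   # placeholder path from the thread

# Load PF_CONF into pf. Only when pfctl accepts the file is it recorded as
# the last loaded ruleset: copied with a restrictive umask, set to mode 400,
# then renamed into place so readers never see a half-written snapshot.
pf_load() {
    "$PFCTL" -f "$PF_CONF" || return 1
    tmp="$PF_SNAP.$$"
    if (umask 077 && cp "$PF_CONF" "$tmp") && chmod 400 "$tmp"; then
        mv -f "$tmp" "$PF_SNAP"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Compare the rule file on disk with the last loaded copy.
# Returns 0 if identical, 1 if the file was edited since the last load,
# 2 if no snapshot has been recorded yet.
pf_drift() {
    [ -f "$PF_SNAP" ] || return 2
    cmp -s "$PF_CONF" "$PF_SNAP"
}

# Show what changed since the last load (unified diff, snapshot first).
pf_diff() {
    diff -u "$PF_SNAP" "$PF_CONF"
}
```

The snapshot only reflects loads made through pf_load; a ruleset loaded by calling pfctl directly is not recorded, so every admin has to use the wrapper for the copy to be trustworthy.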