openbsd misc wrote:
Interesting point. How about dumping it to a file or something so you are
able to check what was loaded last time (e.g. a file with 400 under
/var/whatever)?
What I want is, I have a script that when I commit a ruleset with pfctl
it uses pfctl to query the loaded rules and outputs that to a file, I
get the rulesets there using fwbuilder, which loads the ruleset directly
using pfctl, I have another script which checks the currently loaded
ruleset against the file that my commit script creates and does a diff,
if the ruleset hasn't been committed using my script (or doesn't match
the file) after a minute, it will roll the rules back. This is good
in case an admin loads a ruleset which locks them out. But I have no way
to get my set to recognize changes to options so when I try to commit a
ruleset using my script it thinks that I'm trying to commit the same
ruleset.
Does this make more sense?
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK
Tel: +44 208 878 2138
Fax: +44 208 878 2163
Email: [EMAIL PROTECTED]
Site: http://www.lemon-computing.com/
Lemon Computing is a limited company registered in England & Wales under
Company No. 03697052
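
One way to make the commit/watchdog comparison described in the message above notice option changes as well as rule changes, as an added example (not the poster's scripts): the baseline stores the output of `pfctl -s rules`, `pfctl -s timeouts` and `pfctl -s memory` together. The function names, the baseline path argument and the `PFCTL` override are assumptions made for this sketch, and only the timeouts and memory limits are covered, not every `set` option.

```sh
#!/bin/sh
# Added example. PFCTL can be overridden so the comparison logic can be
# exercised without a live pf (assumption of this sketch).
PFCTL=${PFCTL:-pfctl}

# Print the loaded rules plus the option state pfctl reports
# (timeouts and memory limits), each under a section marker.
pf_snapshot() {
    for what in rules timeouts memory; do
        echo "## $what"
        "$PFCTL" -s "$what" || return 1
    done
}

# Commit step: record the currently loaded state as the approved baseline.
# $1 = baseline file. Written via a temp file so a failed pfctl call
# never leaves a truncated baseline behind; umask keeps it owner-only.
pf_commit() {
    ( umask 077; pf_snapshot > "$1.tmp" ) || { rm -f "$1.tmp"; return 1; }
    mv "$1.tmp" "$1"
}

# Watchdog step: compare the loaded state with the baseline.
# Returns 0 = matches, 1 = differs (caller rolls back), 2 = could not check.
pf_check() {
    cur=$(mktemp) || return 2
    if ! pf_snapshot > "$cur"; then
        rm -f "$cur"
        return 2
    fi
    if cmp -s "$1" "$cur"; then rc=0; else rc=1; fi
    rm -f "$cur"
    return $rc
}
```

The watchdog should treat return code 2 separately from 1, so that a failed `pfctl` call is not mistaken for an uncommitted ruleset.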