On 8/23/2010 6:20 PM, Joseph L. Casale wrote: >>> Also, in 2.0 we have support for nested aliases. What you can do with >>> this is pretty straightforward ofcourse. You can then update 1 specific >>> alias which is part of the parent alias. >>> >>> This should make management a lot easier, the chances of error smaller >>> and possibly the number of firewall rules smaller. >> >> In 2.0 we also have a URL table alias type that can periodically update >> its contents from a URL that has IP and IP/CIDR format entries (one per >> line). >> >> We've tried it with 40k+ entries and it works fine. You can't edit the >> lists on the box though, they only refresh via the contents of the URL. >> There was no practical way to handle editing that large of a list in the >> GUI and storing the data in the actual XML file. >> >> There is a package for 1.2.3 that imports that functionality as well. > > This is exactly what I need, the Country Block package was what I wanted > but I need finer grained control, so an Alias to work with would do this. > > A quick pfctl show of the Table enumerated as expected. How does one keep > an eye on this? I am confused with the update frequency versus no cron job > added msg?
The cron job isn't automatically added in 1.2.3 (or 2.0 yet, haven't added it to the config, but that should happen soon) but you can add your own cron job to run daily that calls /etc/rc.update_urltables. It's easy to do with the cron package that's out there too. If you want to check the contents of the table, use pfctl -T show -t <name> where <name> is the name of your alias. --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
