U udaycdac Mar 19, 2012 #1 Can anyone tell me how to add rules in PF using pfctl without writing in pf.conf.
SirDice Administrator Staff member Administrator Moderator Mar 19, 2012 #2 Using anchors is probably the easiest. Code: anchor myanchor You can then add rules, which will be added at the position the anchor is in: Code: echo "block in from 1.2.3.4 to any" | pcftl -a myanchor -f - See pf.conf(5).
Using anchors is probably the easiest. Code: anchor myanchor You can then add rules, which will be added at the position the anchor is in: Code: echo "block in from 1.2.3.4 to any" | pcftl -a myanchor -f - See pf.conf(5).
OP U udaycdac Mar 19, 2012 Thread Starter #3 Thanx Sir for responding. I added rules in Iptables. Is there any direct command for adding the rules. Can u you give me an example?
Thanx Sir for responding. I added rules in Iptables. Is there any direct command for adding the rules. Can u you give me an example?
M melancholicpenguin Mar 22, 2013 #5 I have a similar question. Want to update running firewall with additional nat/rule to forward port based on an external event. I assume # pfctl -f /tmp/rules.update can be used but will it affect the currently running configuration already loaded from /etc/pf.conf?
I have a similar question. Want to update running firewall with additional nat/rule to forward port based on an external event. I assume # pfctl -f /tmp/rules.update can be used but will it affect the currently running configuration already loaded from /etc/pf.conf?
SirDice Administrator Staff member Administrator Moderator Mar 22, 2013 #6 melancholicpenguin said: I assume # pfctl -f /tmp/rules.update can be used but will it affect the currently running configuration already loaded from /etc/pf.conf? Click to expand... Yes, the rules will be loaded from /tmp/rules.update but current states will not be affected.
melancholicpenguin said: I assume # pfctl -f /tmp/rules.update can be used but will it affect the currently running configuration already loaded from /etc/pf.conf? Click to expand... Yes, the rules will be loaded from /tmp/rules.update but current states will not be affected.
