PF PF and tables

[Christopher Weimann]

I am trying to switch some stuff from ipfw to pf. On ipfw I make extensive use of "/sbin/ipfw -q /dev/stdin" to add and remove items from tables. I can't seem to find an equivalent way of doing the same with pf. Yes, I could call "pfctl -T add" for every address address but there is a LOT of this type of activity in my setup. I have found pftabled and py-pf in ports but neither of those seem to be working.

 

[Kristof Provost]

Read the pfctl man page, specifically this bit:

For the add, delete, replace, and test commands, the list of
addresses can be specified either directly on the command line
and/or in an unformatted text file, using the -f flag.

 

[Christopher Weimann]

Yes, I'm aware of that. The problem is that I am constantly adding and removing IPs from tables. Just checked a busy machine and it is doing about 100 IPs a minute which is a combinations of ADD and DEL. This is using ipfw where I can "/sbin/ipfw -q /dev/stdin" and leave that open and send things like "table 5 add 192.168.50.23" to it.

 

[SirDice]

pfctl -t <table> -T add <IP>; pfctl -t <table> -T del <IP>.

This is using ipfw where I can "/sbin/ipfw -q /dev/stdin" and leave that open and send things like "table 5 add 192.168.50.23" to it.

That means you're going to have to change the way the script works.

 

[Kristof Provost]

It is also possible to write a tool to do this. The pf(4) man page documents the pf ioctl interface. Look for DIOCRADDADDRS and DIOCRDELADDRS.

Although I'd recommend writing a library for this first, and using that library in whatever tool you come up with. A libpf is on my (very) long-term planning, and this is the easiest thing to start with, and likely also the most immediately useful.

 

[Christopher Weimann]

I have pftabled working. Turns out I misunderstood the documentation. I can get to something that does what I need with this.