Hello community,
Using anchors with PF allows us to add rules on-the-fly:
Code:
...
...
...
block all
anchor my_anchor
...
...
...
Now with the anchor in place we can insert rules from the command line. For example the rule below will block outbound traffic from host 192.168.47.4:
Code:
sudo sh -c 'echo "block return out quick on egress from 192.168.47.4" | pfctl -a my_anchor -f -'
Unless I am logged in as the root user, I have to enter a shell session for the above rule to work. For example the rule below will not work because I did not use sh -c:
Code:
sudo 'echo "block return out quick on egress from 192.168.47.4" | pfctl -a my_anchor -f -'
Why do I have to enter into another shell to make this work?
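The difference between the two commands above, as an added example that is not part of the original post. It assumes `run_direct` as a hypothetical stand-in for sudo (it executes its argument vector as-is, with no shell parsing) and `cat` as a stand-in for `pfctl -a my_anchor -f -`, so it runs without root or PF.

```shell
#!/bin/sh
# Added example with stand-ins; nothing here touches sudo, pfctl or PF.

# The rule text from the post.
RULE='block return out quick on egress from 192.168.47.4'

# Hypothetical stand-in for sudo: run the arguments directly as a command.
# No shell interprets them first, so "|" inside an argument is just a character.
run_direct() { "$@"; }

# Case 1: the whole pipeline is quoted into ONE argument, as in the second
# command of the post. The launcher looks for a program whose name is that
# entire string, finds none, and the shell reports status 127 (not found).
quoted_pipeline() {
    status=0
    run_direct "echo \"$RULE\" | cat" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Case 2: the same string handed to "sh -c", as in the first command of the
# post. Now a shell parses it, builds the pipe, and the rule reaches the
# consumer (cat here, pfctl in the post).
with_sh_c() {
    run_direct sh -c "echo \"$RULE\" | cat"
}

# Case 3: the calling shell builds the pipe and only the consumer goes through
# the launcher. echo needs no privileges; only the reader of stdin does.
pipe_outside() {
    echo "$RULE" | run_direct cat
}

echo "case 1 exit status: $(quoted_pipeline)"
echo "case 2 received:    $(with_sh_c)"
echo "case 3 received:    $(pipe_outside)"
```

With the real tools, case 3 corresponds to piping the `echo` output into `sudo pfctl -a my_anchor -f -`, which elevates only the process that loads the anchor.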