Re: How to make npf tables persist?

To: current-users%netbsd.org@localhost
Subject: Re: How to make npf tables persist?
From: Swift Griggs <swiftgriggs%gmail.com@localhost>
Date: Wed, 27 Jul 2016 16:16:22 -0600 (MDT)

On Wed, 27 Jul 2016, tr%vispaul.me@localhost wrote:
> That solves my immediate need but I still would be interested in knowing 
> how to save tables that have been altered through npfctl.

When I've needed something like this in the past, I've usually just 
written an 'rc' script to save the rules before rebooting. You can also 
use a cronjob-based script that compares the running ruleset with the 
stored ruleset. When there is a delta, it saves the running ruleset. 

I think what a lot of folks expect (since it's the norm with Linux) is 
that there is a fairly obtuse command line tool for the actual 
add/drop/modify operations a ruleset and a wrapper command that handles 
save/load/reload/stop operations for the filter-set globally as well as 
having some modes to "simplify" the rule syntax. 

I personally don't consider that model optimal. I think the IP Filter (and 
so PF, and NPF) have the right idea (beautiful and easy to read syntax in 
a text file with solid binary tools for operational control) and the 
toolset is good. The only thing I'd add at this point would be 
modifications to the rc script that include some optional way to preserve 
the rules akin to what you are asking about. Perhaps there is some 
existing mechanism and I just don't know about it.

-Swift

Follow-Ups:
- Re: How to make npf tables persist?
  - From: tr

References:
- How to make npf tables persist?
  - From: tr
- Re: How to make npf tables persist?
  - From: tr

Prev by Date: Re: How to make npf tables persist?
Next by Date: daily CVS update output
Previous by Thread: Re: How to make npf tables persist?
Next by Thread: Re: How to make npf tables persist?
Indexes:

Home | Main Index | Thread Index | Old Index