Date:      Sun, 19 Dec 2004 06:33:14 +0100
From:      Max Laier <max@love2party.net>
To:        sam wun <sam.wun@authtec.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: DIOCCHANGERULE may be used in PF?
Message-ID:  <200412190633.24331.max@love2party.net>
In-Reply-To: <41C5097B.5020606@authtec.com>
References:  <41C3B6CE.4080704@authtec.com> <200412181714.51674.max@love2party.net> <41C5097B.5020606@authtec.com>

On Sunday 19 December 2004 05:54, sam wun wrote:
> I'm not sure whether ssp_pf.c file should use DIOCADDADDR instead of
> DIOCCHANGERULE.

ssp_pf.c ?!?

> As I looked into authpf.c file in function add_pool(), authpf only uses
> DIOCADDADDR for adding new rule to PF.

DIOCADDADDR does *not* add a rule. DIOCADDRULE does that (and a subsequent
DIOCCOMMITRULES).

> I also want to find out where DIOCCHANGERULE is used in PF, but
> nothing is found except in the man page:
> # cd src/contrib/pf
> # grep -r DIOCCHANGERULE *
> man/pf.4:for subsequent DIOCADDADDR, DIOCADDRULE and DIOCCHANGERULE calls.
> man/pf.4:DIOCADDRULE or DIOCCHANGERULE call.
> man/pf.4:.It Dv DIOCCHANGERULE  Fa "struct pfioc_rule"
>
> DIOCCHANGERULE may not be used. If I want to add new rule in PF, I may
> need to use DIOCADDADDR rather than DIOCCHANGERULE.
>
> Any comment?

erm? I am having a hard time understanding what you mean.

DIOCCHANGERULE works and may be used, but it is not easy to use. It is much
easier to have an anchor and add new rules into that anchor as a complete
ruleset. This is how it's done in authpf and spamd. Otherwise you have to
keep track of too many things. None of the default pf tools uses DIOCCHANGERULE
as it is not convenient to change rules. As rulesets can be committed
atomically it's much easier to replace a ruleset completely or to use
anchors.

Anchors are the way to go most of the time. Look at authpf(8) for details.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
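The anchor approach Max recommends above, as an added example that is not part of the original thread or of authpf's own source: each authenticated user gets a sub-anchor under authpf/, and every change regenerates the complete ruleset for that anchor and hands it to pfctl(8), which loads it as one commit. There is nothing to track per rule; logout simply flushes the anchor. Assumptions (all hypothetical): the main ruleset already contains an `anchor "authpf/*"` line so the sub-anchors take effect, the interface em0, the user names and the 192.0.2.0/24 addresses are made up, and pf and pfctl are available on the host (the pfctl calls are skipped where they are not).

```shell
#!/bin/sh
# Added example, not code from the thread or from authpf(8).
# Pattern: per-user anchor, whole ruleset regenerated and loaded with
# pfctl -a <anchor> -f <file>, instead of editing rules with DIOCCHANGERULE.
#
# Hypothetical assumptions: the main ruleset has
#     anchor "authpf/*"
# and the outside interface is em0.

# Emit the complete ruleset for one authenticated user. Every call
# produces the whole anchor contents, so a reload replaces the anchor
# atomically rather than changing rules in place.
build_user_rules() {
    user=$1
    addr=$2
    cat <<EOF
# ruleset for $user, generated by build_user_rules
ext_if = "em0"
pass in quick on \$ext_if proto tcp from $addr to any port { 22, 80, 443 } keep state
pass out quick on \$ext_if from $addr to any keep state
block return quick from $addr to any
EOF
}

# Load (or replace) the user's anchor; pfctl commits the file as one unit.
load_user_rules() {
    user=$1
    addr=$2
    rulefile=$(mktemp) || return 1
    build_user_rules "$user" "$addr" > "$rulefile"
    pfctl -a "authpf/$user" -f "$rulefile"
    rc=$?
    rm -f "$rulefile"
    return $rc
}

# Drop the whole anchor on logout; no per-rule bookkeeping needed.
unload_user_rules() {
    pfctl -a "authpf/$1" -F rules
}

# Number of filter rules the generator produces, to sanity-check it
# without touching pf.
rule_count() {
    build_user_rules "$1" "$2" | grep -c -E '^(pass|block)'
}

# Only talk to pf when pfctl is actually present (requires root and pf).
if command -v pfctl >/dev/null 2>&1; then
    load_user_rules alice 192.0.2.10 && pfctl -a authpf/alice -sr
    unload_user_rules alice || :
fi
```

Replacing the anchor contents on every change is the same trade-off Max describes: the generator has to produce the full ruleset each time, but the kernel sees a single consistent commit and there is never a half-updated anchor.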
