Re: Changing rulesets remotely
Run an at(1) job for 5 minutes in the future. Have it put /etc/pf.conf as
the active ruleset. Then install a ruleset that isn't /etc/pf.conf (like
from your home directory, or the like). If it works, just kill the at(1)
job. If it doesn't, wait 5 minutes.
I also like the `shutdown -r +2; pfctl -f ./pf.conf` bit myself. Especially
when that machine is a gateway for an entire company. Screw that up a few
times, and you'll make sure to make the rules work the first time. Don't
get complacent though, because you'll definitely screw it up somewhere along
the way ;-).
On Wed, 28 Apr 2004 13:41:34 -0600
Tim Pushor <[email protected]> wrote:
:I am looking at trying to come up with a way to change rulesets remotely
:with provisions to back out the change if I accidentally shoot myself in
:the foot ;-)
:I am just wondering if someone has already come up with an elegant (or
:not so) way of doing this already?
I can't understand it. I can't even understand the people who can
-- Queen Juliana of the Netherlands.
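
The at(1) rollback described in the reply above, written out as an added shell example that is not part of the original thread. The function names, the `keep` prompt, the overridable `PFCTL`/`AT`/`ATRM` variables and the parsing of at(1)'s "job <id>" line are assumptions.

```shell
#!/bin/sh
# Added example: arm a timed rollback, then load a candidate pf ruleset.
# Tool paths are overridable so the logic can be exercised without pf.
PFCTL=${PFCTL:-pfctl} AT=${AT:-at} ATRM=${ATRM:-atrm}
KNOWN_GOOD=${KNOWN_GOOD:-/etc/pf.conf}

# Queue a reload of the known-good ruleset N minutes out; print the job id.
schedule_rollback() {
    minutes=$1
    # Assumption: at(1) reports "job <id> at <date>" (usually on stderr).
    out=$(echo "$PFCTL -f $KNOWN_GOOD" | $AT now + "$minutes" minutes 2>&1) || return 1
    job=$(printf '%s\n' "$out" | awk '$1 == "job" { print $2; exit }')
    [ -n "$job" ] || return 1
    printf '%s\n' "$job"
}

# Usage: safe_pf_load ./pf.conf [minutes]   (hypothetical function name)
safe_pf_load() {
    candidate=$1 minutes=${2:-5}
    # 1. Parse only (-n): a syntax error never reaches the live ruleset.
    $PFCTL -nf "$candidate" || { echo "syntax error, nothing changed" >&2; return 2; }
    # 2. Arm the rollback BEFORE touching the live rules; no job, no change.
    job=$(schedule_rollback "$minutes") || { echo "rollback not armed, aborting" >&2; return 3; }
    # 3. Load the candidate. On failure the job stays armed, which is harmless.
    $PFCTL -f "$candidate" || { echo "load failed, job $job left armed" >&2; return 4; }
    # 4. Cancel only on explicit confirmation. A dead session never answers,
    #    so the job fires and $KNOWN_GOOD comes back on its own.
    printf 'Loaded %s. Test from a NEW connection, then type "keep": ' "$candidate"
    read -r answer || answer=
    if [ "$answer" = keep ]; then
        $ATRM "$job" && echo "rollback job $job cancelled"
    else
        echo "job $job left armed; $KNOWN_GOOD returns within $minutes minutes"
        return 1
    fi
}

if [ $# -gt 0 ]; then safe_pf_load "$@"; fi
```

Loading a ruleset with `pfctl -f` does not flush existing state entries, so the SSH session that ran the command can stay up under rules that block new logins. Confirm from a fresh connection before typing `keep`.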