[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changing rulesets remotely

Run an at(1) job for 5 minutes in the future.  Have it put /etc/pf.conf as
the active ruleset.  Then install a ruleset that isn't /etc/pf.conf (like
from your home directory, or the like).  If it works, just kill the at(1)
job. If it doesn't, wait 5 minutes.
I also like the `shutdown -r +2; pfctl -f ./pf.conf` bit myself.  Especially
when that machine is a gateway for an entire company.  Scew that up a few
times, and you'll make sure to make the rules work the first time.  Don't
get complacent though, because you'll definitly screw it up somewhere along
the way ;-).
On Wed, 28 Apr 2004 13:41:34 -0600
Tim Pushor <[email protected]> wrote:
:I am looking at trying to come up with a way to change rulesets remotely 
:with provisions to back out the change if I accidently shoot myself in 
:the foot ;-)
:I am just wondering if someone has already come up with an elegant (or 
:not so) way of doing this already?
I can't understand it.  I can't even understand the people who can
understand it.
		-- Queen Juliana of the Netherlands.