View Single Post
  #2   (View Single Post)  
Old 2nd March 2011
ocicat ocicat is offline
Join Date: Apr 2008
Posts: 3,297

Originally Posted by unixjingleman View Post
...dynamically add rules to your firewall ruleset...
Per the PF User's Guide's section on anchors (link & highlight are mine...):
In addition to the main ruleset, PF can also evaluate sub rulesets. Since sub rulesets can be manipulated on the fly by using pfctl(8), they provide a convenient way of dynamically altering an active ruleset. Whereas a table is used to hold a dynamic list of addresses, a sub ruleset is used to hold a dynamic set of rules. A sub ruleset is attached to the main ruleset by using an anchor.
No third-party tool is needed.
Reply With Quote