DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 21st July 2015
daemonbak daemonbak is offline
Fdisk Soldier
 
Join Date: Feb 2015
Posts: 51
Default pf.conf place multiple tables in one variable

Would it be possible/advisable to combine multiple tables into a single variable?

Say I had 3 tables in my pf:

Code:
table <fat> persist file "/etc/pf_fat
table <drunk> persist file "/etc/pf_drunk
table <stupid> persist file "/etc/pf_stupid
Now normally I would add a rule for each table:

Code:
block in quick from <fat> to any
block in quick from <drunk> to any
block in quick from <stupid> to any
But what if, I put all three tables in a single variable:

Code:
AnimalHouse="{ <fat> <drunk> <stupid> }" #Not even sure if syntax is right - just stabbing in dark
Thereby reducing it to one rule that i could tack onto that is already present:

Code:
block in quick on egress from { $AnimalHouse $broken urpf-failed no-route } to any
As always, thanks!
Reply With Quote
  #2   (View Single Post)  
Old 21st July 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Yes, for clarity of understanding you may write rules with lists of tables. Operationally, lists don't exist. They become multiple rules when loaded. You can see this when you examine any ruleset with lists using # pfctl -sr after you load it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to deploy pf.conf to multiple machines? Skinny OpenBSD General 2 5th July 2014 03:56 PM
Python: Use the value of a variable for calling another variable Carpetsmoker Programming 13 5th April 2009 05:53 PM
CSH 'mch' variable? JMJ_coder General software and network 1 12th February 2009 11:24 PM
Using Date variable? cwhitmore FreeBSD General 9 13th August 2008 07:16 AM
dhclient.conf: multiple fixed-address statements xiphias FreeBSD General 14 19th June 2008 06:42 AM


All times are GMT. The time now is 05:52 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick