
Re: PF rule question



On Tue, Dec 17, 2002 at 10:39:32AM -0600, David Montgomery wrote:

> I just recently got my openbsd 3.0 firewall up and running

Erm...3.0 is old. I'm expecting the EOL notice any day now. It's
not a good candidate to recently get up and running. Besides,
there have been amazing improvements to pf since 3.0.

> Also, could I use a rule like this?
>
> Blacklist="/etc/hosts.deny"
>
> # Black Listed Users
> block in log quick on $Ext inet proto { tcp, udp } from $Blacklist to any

No. You could use some sort of pre-processor, though, if you like
doing that sort of thing. m4 and friends are supposed to shine at
this kind of thing, but I'd probably use Perl since it's what I
know best.

Cheers,

b&

--
Ben Goren
 mailto:ben_(_at_)_trumpetpower_(_dot_)_com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W
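
The pre-processor approach suggested in the reply above, sketched as an added example that is not part of the original message and uses sh and awk rather than the m4 or Perl named there. It assumes a list file with one IPv4 address or address/prefix per line (not the tcp_wrappers syntax of a real /etc/hosts.deny) and a pf that accepts a brace list inside a macro; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed list format: one IPv4
# address or address/prefix per line; blank lines and "#" comments are skipped.

# gen_blacklist_macro FILE: print a pf macro definition for the entries in FILE.
# Fails closed: any malformed line, or an empty list, gives no output and exit 1,
# so text from the list file can never be spliced into the ruleset as pf syntax.
gen_blacklist_macro() {
    awk '
        function valid(s,   p, n, i) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) return 0
            n = split(s, p, "[./]")
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) return 0
            return (n == 4 || p[5] + 0 <= 32)
        }
        { sub(/#.*/, ""); sub(/^[ \t\r]+/, ""); sub(/[ \t\r]+$/, "") }
        $0 == "" { next }
        !valid($0) { printf "line %d rejected\n", NR > "/dev/stderr"; bad = 1; next }
        !seen[$0]++ { list = list (list == "" ? "" : ", ") $0 }
        END {
            if (bad || list == "") exit 1
            printf "Blacklist = \"{ %s }\"\n", list
        }
    ' "$1"
}

# build_ruleset LIST TEMPLATE: macro definition first, then the hand-written rules.
build_ruleset() {
    macro=$(gen_blacklist_macro "$1") || return 1
    printf '%s\n' "$macro"
    cat "$2"
}

# demo: run the generator on constructed sample data (documentation addresses).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample list' '192.0.2.7' \
        ' 198.51.100.0/24   # whole network' '192.0.2.7' > "$tmp/blacklist"
    printf '%s\n' '# Black Listed Users' \
        'block in log quick on $Ext inet proto { tcp, udp } from $Blacklist to any' \
        > "$tmp/pf.conf.in"
    build_ruleset "$tmp/blacklist" "$tmp/pf.conf.in"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Write the output of `build_ruleset` to a new file and parse-check it with `pfctl -nf` before loading it.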



