Rules in anchor

Daniel Hartmeier daniel at benzedrine.cx
Thu Jun 8 18:43:52 UTC 2006


On Thu, Jun 08, 2006 at 03:42:47PM +0400, Dmitry Andrianov wrote:

> root@host # pfctl -s Anchors
>   ftpsesame
> root@host # pfctl -a ftpsesame -s rules
> root@host #

It creates sub-anchors within that anchor (with the process pid and a
connection id as part of the name), and the rules are inserted there.

The reason for that is that it's simpler to flush an entire (sub)anchor
than removing one specific (of potentially multiple) rules in just one
set.

Try pfctl -vs Anchors; it lists anchors and sub-anchors recursively. Then
pfctl -a ftpsesame/sub.anchor -s rules.

Daniel
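The two-step inspection Daniel describes (list sub-anchors with pfctl -vs Anchors, then dump each one with pfctl -a anchor/sub -s rules) is easy to script so you can see every dynamic rule ftpsesame currently holds in one go. The script below is an added example, not code from the thread or from ftpsesame. It assumes pfctl(8) prints one anchor path per line, indented, as it does on FreeBSD and OpenBSD; the sub-anchor names in the test listing are constructed and only mimic the pid.connection naming style mentioned in the reply.

```shell
#!/bin/sh
# Dump the rules held in every sub-anchor beneath a parent anchor (e.g. ftpsesame).
# Added example, not from the mailing-list thread. PFCTL can be overridden so the
# parsing logic can be exercised on a box without pf loaded.
PFCTL="${PFCTL:-pfctl}"

# sub_anchors LISTING PARENT
#   LISTING is the text output of `pfctl -vs Anchors` (one anchor path per line,
#   leading whitespace allowed). Prints every anchor path that lives directly or
#   indirectly under PARENT, i.e. starts with "PARENT/". index() is used instead
#   of a regex so anchor names containing dots are matched literally.
sub_anchors() {
    printf '%s\n' "$1" | awk -v p="$2/" '
        { sub(/^[ \t]+/, "");            # strip pfctl indentation
          if (index($0, p) == 1) print } # keep only descendants of PARENT
    '
}

# count_sub_anchors LISTING PARENT -> number of sub-anchors under PARENT
count_sub_anchors() {
    sub_anchors "$1" "$2" | wc -l | tr -d ' '
}

# dump_anchor_rules PARENT
#   Queries the live ruleset and prints the rules of each sub-anchor, so an
#   empty `pfctl -a PARENT -s rules` no longer looks like "no rules loaded".
dump_anchor_rules() {
    parent="$1"
    listing=$("$PFCTL" -vs Anchors) || return 1
    n=$(count_sub_anchors "$listing" "$parent")
    echo "$n sub-anchor(s) under $parent"
    for a in $(sub_anchors "$listing" "$parent"); do
        echo "=== $a ==="
        "$PFCTL" -a "$a" -s rules
    done
}

# Usage: sh dump-anchor.sh ftpsesame   (does nothing when run without an argument)
if [ -n "${1:-}" ]; then
    dump_anchor_rules "$1"
fi
```

Because the parsing is separated from the pfctl calls, you can feed a saved listing into sub_anchors to check what the script would inspect before running it as root on the gateway.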

