[HECnet] Config tool feature request

Brian Hechinger wonko at 4amlunch.net
Thu May 1 11:23:57 PDT 2014


On Wed, Apr 30, 2014 at 10:46:47PM -0400, Cory Smelosky wrote:
> Brian,
>
> As I run pf at the Edge, can you add a bit that autogenerates a file
> that looks like:
>
> pass in on $ext_if proto gre from <remote tunnel IP> to any port
> rdr-to 10.10.0.10 port snmp
>
> for each tunnel? I'll likely pull it from tftp using a cronjob and
> shoving it in to a pf anchor.

Use a table instead.

table <hecnet_gre> persist file "/etc/hecnet"

pass in on $ext_if proto gre from <hecnet_gre> to any port
rdr-to 10.10.0.10 port snmp

Then fetch ip_list via tftp and put it as /etc/hecnet

Then run: pfctl -t hecnet_gre -Tr -f /etc/hecnet

This file is re-generated every time my script is triggered. That being
said, it obviously only changes if people join/leave/change ip.

-brian
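
Added example, not part of the original message or of the HECnet config tool: a wrapper for the fetch-and-reload step above that checks the downloaded list before it replaces the table, since TFTP gives no authentication or integrity protection. It assumes the list holds one IPv4 address per line and that the cron job has already fetched it to the path given as the first argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. The list is assumed to hold one
# IPv4 address per line; pf table files also accept networks and hostnames,
# which this stricter check rejects on purpose.
TABLE=hecnet_gre
LIST=/etc/hecnet

# Print the addresses in file $1. Fail if any other non-blank, non-comment
# line is present, if an octet exceeds 255, or if no address is left.
validate_list() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { bad = 1; exit }
        {
            split($0, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] > 255) { bad = 1; exit }
            print
            good++
        }
        END { if (bad || good == 0) exit 1 }
    ' "$1"
}

# Validate fetched file $1, install it atomically, then reload the table.
update_table() {
    new=$(mktemp "$LIST.XXXXXX") || return 1
    if validate_list "$1" > "$new"; then
        chmod 644 "$new"
        mv "$new" "$LIST" && pfctl -t "$TABLE" -T replace -f "$LIST"
    else
        rm -f "$new"
        echo "rejected $1: not a clean list of IPv4 addresses" >&2
        return 1
    fi
}

# Run as: script /path/to/fetched/ip_list (the path is whatever the cron job used).
if [ $# -gt 0 ]; then
    update_table "$1"
fi
```

A rejected download leaves both /etc/hecnet and the loaded table untouched, so a truncated or tampered transfer cannot empty or widen the GRE allow list.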


