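We use rsync from the PC to the root account on both firewalls to send the new PF configuration to both hosts, then use SSH to execute pfctl -f pf.conf && cp pf.conf /etc/pf.conf on each of them. Because of the &&, /etc/pf.conf is only overwritten once pfctl has accepted and loaded the new ruleset.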
Create a directory dual-fw containing pf.conf and a script update-pf.sh:
#!/bin/ksh
# Load pf.conf from the current directory into the running packet filter.
# If pfctl fails, stop with its exit status so /etc/pf.conf is left untouched.
# NOTE(review): a ruleset that loads fine can still block SSH; keep console
# access or an open session while testing rule changes.
pfctl -f pf.conf || exit $?
# Reached only after a successful load: make the new ruleset the persistent copy.
cp pf.conf /etc/pf.conf
and a Makefile:
# Directory name used on the firewalls: the upload goes to ~/$(DIRNAME) and
# the remote command does `cd $(DIRNAME)` before installing.
DIRNAME = dual-fw

# Addresses of the two firewalls.
IP1 = 10.0.7.252
IP2 = 10.0.7.253

# ssh client and any extra options to pass to it (none by default).
SSH = /usr/bin/ssh
SSHOPTS =
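# These targets are commands, not files; declare them so a stray file named
# "update" or "update-pf" cannot make the rules look up to date.
.PHONY: update update-pf

# Entry point: upload the directory, then install the ruleset on both firewalls.
update: update-pf

# Recipe lines run in order and, by default, make stops at the first failure,
# so if the first firewall rejects the ruleset the second one is not touched.
# The literal `make` inside the quotes is intentional: that command runs on
# the firewall, so the workstation's own make path must not be substituted.
update-pf: upload
	$(SSH) $(SSHOPTS) root@$(IP1) 'cd $(DIRNAME) && make install-pf'
	$(SSH) $(SSHOPTS) root@$(IP2) 'cd $(DIRNAME) && make install-pf'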
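.PHONY: install-pf

# Runs on the firewall itself (invoked over ssh by update-pf) from inside the
# uploaded directory; update-pf.sh loads pf.conf and then copies it to /etc.
install-pf:
	./update-pf.sh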
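.PHONY: upload

# Copies the whole current directory, not only pf.conf, into root's home on
# each firewall. update-pf.sh is later executed as root from that copy, so
# everything in this directory should be treated as trusted firewall content.
upload:
	echo "Uploading"
	rsync -rav . root@$(IP1):~/$(DIRNAME)
	rsync -rav . root@$(IP2):~/$(DIRNAME)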
... and just run make update from that directory:
jurjen@PC:~/projects/dual-fw$ make update
echo "Uploading"
Uploading
rsync -rav . root@10.0.7.252:~/dual-fw
sending incremental file list
./
pf.conf
sent 224 bytes received 46 bytes 180.00 bytes/sec
total size is 2042 speedup is 7.56
rsync -rav . root@10.0.7.253:~/dual-fw
sending incremental file list
./
pf.conf
sent 224 bytes received 46 bytes 180.00 bytes/sec
total size is 2042 speedup is 7.56
/usr/bin/ssh root@10.0.7.252 'cd dual-fw && make install-pf'
./update-pf.sh
/usr/bin/ssh root@10.0.7.253 'cd dual-fw && make install-pf'
./update-pf.sh
jurjen@PC:~/projects/dual-fw$