-
Notifications
You must be signed in to change notification settings - Fork 5
/
rpfload.8
96 lines (96 loc) · 2.81 KB
/
rpfload.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
.\"
.\"Copyright (c) 2021 Joseph Fierro <[email protected]>
.\"
.\"Permission to use, copy, modify, and distribute this software for any
.\"purpose with or without fee is hereby granted, provided that the above
.\"copyright notice and this permission notice appear in all copies.
.\"
.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: June 29 2021 $
.Dt RPFLOAD 8
.Os
.Sh NAME
.Nm rpfload
.Nd
.Xr pf.conf 5
loader with automatic rollback
.Sh SYNOPSIS
.Nm rpfload
.Op Fl o
.Op Fl t Ar seconds
.Fl f Ar live_config
.Fl b Ar backup_config
.Nm
.Op Fl t Ar seconds
.Fl d
.Fl f Ar live_config
.Sh DESCRIPTION
The
.Nm
tool uses
.Xr pfctl 8
to load a PF firewall configuration file and automatically rolls back
to a backup configuraton file after a configurable amount of time, if its PID has not been
killed or Ctrl-C pressed before the timeout period has expired.
The following options determine behavior:
.Bl -tag -width Dsssigfile
.It Fl f Ar live_config
The PF config file to apply immediately.
.It Fl b Ar backup_config
The backup PF config file.
This will be applied automatically after 60 seconds,
or whatever time was chosen with the
.Fl t
option.
If
.Fl o
was also given, it will be copied to the live_config file location, overwriting it.
This is mutually exclusive with
.Fl d .
.It Fl d
Disable PF instead of replacing config files.
This is mutually exclusive with
.Fl b
and
.Fl o .
.It Fl o
When reverting config files, also overwrite the live config file location with the backup.
Mutually exclusive with
.Fl d .
.It Fl t
The time to wait in seconds before reverting configurations.
.El
.Sh EXAMPLES
A simple example is below:
.Pp
.Dl # rpfload -f /etc/pf.conf -d
.Pp
This will instruct
.Nm
to run 'pfctl -f /etc/pf.conf' to load the
.Pa /etc/pf.conf
ruleset, wait 60 seconds, and disable the firewall if the
process has not been terminated before the timeout is reached.
.Pp
.Dl # rpfload -f /etc/pf.conf -b /etc/pf.conf.backup
.Pp
This will run instruct
.Nm
to run 'pfctl -f /etc/pf.conf', wait 60 seconds, then if the process has not been terminated,
run 'pfctl -f /etc/pf.conf.backup'.
.Pp
.Dl # rpfload -t 30 -o -f /etc/pf.conf -b /etc/pf.conf.backup
.Pp
This will do the same as the above, but will change the timeout to 30 seconds, and if the configuration
reverts, it will also overwrite
.Pa /etc/pf.conf
with
.Pa /etc/pf.conf.backup .
.Sh AUTHORS
.An Joseph Fierro Aq Mt [email protected]