| Tutorial details | |
|---|---|
| Difficulty | Easy (rss) |
| Root privileges | Yes |
| Requirements | *BSD+pf |
| Time | 1m |
There is no need to write a shell script and call it from cron. You can load the rules from the /etc/pf.conf and sleep or 120 seconds then disable pf using the following syntax:
#/sbin/pfctl -f /etc/pf.conf && sleep 120 && /sbin/pfctl -dWhere,
ADVERTISEMENTS
- -f /etc/pf.conf – Load the rules contained in /etc/pf.conf.
- -d – Disable the packet filter.
- sleep 120: The sleep command suspends execution for a minimum of 200 seconds before calling the next command.
You can also test pf.conf for syntax errors using the following options:
# /sbin/pfctl -nf /etc/pf.conf
Finally, && (AND list) shell control operator is to used run next command only if, first command returns an exit status of zero. So each command in list must be successful in order to run next command.
# /sbin/pfctl -nf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf && sleep 120 && /sbin/pfctl -d
See also
- How To Reset Linux Firewall Automatically While Testing Configuration With Remote Server Over SSH Session
- Man pages – ksh(1), and pfctl(8)
🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 4 comments... add one ↓
UP NEXT
How To Add Jobs To cron Under Linux or UNIX
Linux: At What Time Cron Entries In cron.daily, cron.weekly, cron.monthly Run?- How to use yum-cron to automatically update RHEL/CentOS Linux
What does the sleep command do in Linux?
Ubuntu Linux check cron log file error or messages in /var/log/cron.log file
How To Find Out Hard Disk Specs / Details on Linux
Linux List / Display and view all cron jobs
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
This is great, although you might already have a working rule set. In which case you wouldn’t want to take down the whole firewall over a mistake. My working method has been about the same as above, but I keep new rules in there own file pf.testing. Then you can do the 120 second delay to load the original set if things went wrong. This way there is no open hole(s) in your firewall while your testing. Obviously it’s highly unlikely you’ll have an attack the moment you bring the firewall down. I just think it’s better practice if there is a choice.
Thinking about it the command -nf is very useful in testing new rules, you are always kept behind your trustful gateway.
Saviour!
pfctl -ngf is the best option, as will show you all syntax errors (on the logic ones, there is no magic :( )