SRV2PF(1)	      User Contributed Perl Documentation	     SRV2PF(1)

       srv2pf -	Create and update PF tables from DNS records

       srv2pf [-46Fnpv] [-f file] -t table name[:service[:transport]] [...]

       The srv2pf utility creates and updates PF address tables	based on DNS

       For each	name specified on the command line, the	srv2pf utility
       performs	a DNS lookup for SRV, CNAME, A and AAAA	records.  The right-
       hand side of any	SRV and	CNAME records encountered are resolved

       If no errors occurred during this process, a PF address table with the
       name specified on the command line is either created or updated to
       match the list of IP addresses that were	found.	If the table already
       exists, its contents are	replaced with the list that was	obtained from
       DNS, unless the -p option was specified,	in which case the table	is
       treated as append-only.

       The following options are available:

       -4  Include IPv4	addresses in the table.	 If neither -4 nor -6 is
	   specified, the default is to	include	both IPv4 and IPv6 addresses.

       -6  Include IPv6	addresses in the table.	 If neither -4 nor -6 is
	   specified, the default is to	include	both IPv4 and IPv6 addresses.

       -F  Never flush a table.	 If a DNS lookup does not return any results,
	   assume that something is wrong and terminate	without	updating the
	   table or file.

       -f file
	   Save	the addresses to a file	in addition to updating	the table.  If
	   file	is a directory,	the addresses will be stored in	a file bearing
	   the name of the table within	that directory.	 The file is written
	   out before the table	is created or updated.	Failure	to write the
	   file	will generate an error message but will	not prevent the	table
	   from	being created or updated.

       -t table
           The name of the table to be created or updated.  This option is

       -n  Perform all LDAP and	DNS lookups, but do not	create or update any
	   PF tables or	files.

       -p  Preserve existing table entries even	if they	are not	encountered in
	   DNS lookups.	 Implies -F.

	   This	does not apply to the file generated with the -f option, which
	   will	only contain the addresses retrieved from DNS.

       -v  Show	progress and debugging information.

       Each subsequent argument	is either a DNS	name or	IP address, or a
       service specification consisting	of at least two	and at most three
       items, separated	by colons.  The	first item is a	DNS name.  The second
       is a comma-separated list of service names, which defaults to
       http,https.  The	third is a comma-separated list	of transport
       protocols, which	defaults to tcp.  At least one service specification
       must be provided.
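
       The argument and option rules above, modelled in Python as an added
       example; it is not srv2pf's own code. Assumptions: SRV owner names
       follow RFC 2782 (_service._transport.name), the -F check applies after
       -4/-6 filtering, tables are replaced or flushed with pfctl -T replace
       and -T flush, and the names srv_names and plan_update are hypothetical.

```python
import ipaddress

DEFAULT_SERVICES = ("http", "https")    # default stated in the man page
DEFAULT_TRANSPORTS = ("tcp",)           # default stated in the man page
PFCTL = "/sbin/pfctl"                   # path as shown in the page's example


def srv_names(spec):
    """Expand name[:service[:transport]] into SRV owner names (RFC 2782)."""
    try:
        # A bare IP address (IPv6 literals contain colons) is not a service
        # specification, so there is nothing to look up for it.
        ipaddress.ip_address(spec)
        return []
    except ValueError:
        pass
    name, _, rest = spec.partition(":")
    services, _, transports = rest.partition(":")
    svcs = [s for s in services.split(",") if s] or DEFAULT_SERVICES
    trs = [t for t in transports.split(",") if t] or DEFAULT_TRANSPORTS
    return [f"_{s}._{t}.{name}" for s in svcs for t in trs]


def plan_update(table, found, v4=False, v6=False,
                no_flush=False, preserve=False, dry_run=False):
    """Return the pfctl argv to run, or None if the table is left untouched."""
    if not (v4 or v6):
        v4 = v6 = True                  # neither -4 nor -6: include both
    no_flush = no_flush or preserve     # -p implies -F
    addrs = {ipaddress.ip_address(a) for a in found}
    keep = sorted(str(a) for a in addrs
                  if (a.version == 4 and v4) or (a.version == 6 and v6))
    if dry_run:                         # -n: lookups only
        return None
    if not keep:
        # Assumption: emptiness is judged after family filtering.
        # With -F an empty result is treated as a failure, not as "no hosts".
        return None if no_flush else [PFCTL, "-t", table, "-T", "flush"]
    if preserve:                        # -p: append-only, as in the page's example
        return [PFCTL, "-t", table, "-T", "add", *keep]
    return [PFCTL, "-t", table, "-T", "replace", *keep]


if __name__ == "__main__":
    # Constructed sample input: documentation-range addresses only.
    print(srv_names("example.org:ldap,ldaps"))
    print(plan_update("ldap", ["2001:db8:0:42::dc01", "192.0.2.10"], preserve=True))
    print(plan_update("ldap", [], no_flush=True))
```

       Under these assumptions, a lookup that returns nothing without -F or
       -p empties the table, which matters when the table backs a pass rule.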

       Update a	table named ldap used to allow traffic from the	organization's
       internal	network	to its LDAP servers:

	   % grep -w ldap /etc/pf.conf
	   table <ldap>	persist
	   pass	in on int proto	tcp from int:network to	<ldap> port { ldap, ldaps }
	   pass	out on dmz proto tcp from int:network to <ldap>	port { ldap, ldaps }
	   % sudo srv2pf -pv -t	ldap
	   # looking up	SRV for
	   # looking up
	   # 50339   IN      AAAA    2001:db8:0:42::dc1
	   # 50339   IN      A
	   # looking up
	   # 302     IN      AAAA    2001:db8:0:42::dc02
	   # 128     IN      A
	   # looking up
	   /sbin/pfctl -t ldap -T add 2001:db8:0:42::dc01	2001:db8:0:42::dc02
	   No ALTQ support in kernel
	   ALTQ	related	functions disabled
	   4/4 addresses added.

       pf(4), pfctl(8)

       The srv2pf utility was written by Dag-Erling Smørgrav
       <> for the University of	Oslo.

perl v5.32.1			  2017-06-07			     SRV2PF(1)


