> On Sep 4, 2020, at 12:03 PM, Tommy Nevtelen <tommy@nevtelen.com> wrote:
>
> On 04/09/2020 17.40, Brian Brombacher wrote:
>>>> On Sep 4, 2020, at 11:28 AM, Brian Brombacher <brian@planetunix.net> wrote:
>>>
>>>
>>>> On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen <tommy@nevtelen.com> wrote:
>>>>
>>>> Hi there misc!
>>>>
>>>> Is there an external pfctl linter? We have a bunch of pf firewalls for which we generate rules but also write some manual ones that get merged. Would be nice if we could lint the rules before they are committed to vcs.. (yes we test before they are applied on the machines as well but that is way too late in a sane pipeline imho)
>> Sane pipeline... :)
>>
>> Developer machine: can that securely run pfctl -n? Linter is great... but there's a ton more involved.
>
> Don't get too caught up on my wording :)
>
> What is the ton that would be involved?
>
> It would be to catch the most stupid typo/syntax issues, not to check if the full config is valid on a specific machine.
>
> My more exact use case would be a pre-receive hook or a check before merging to the production branch.
>
Well, let's say a Linter doesn't exist and you can't invest time to make one. Do you have a lower environment, mirror-exact ideally, to run tests on the pre-receive hook?
It's an interesting issue you're trying to solve ;)
>
> /T
>
>
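
A pre-receive hook for the use case discussed in this thread, added here as an example and not written by either poster: it extracts the pushed ruleset and rejects the push if `pfctl -n -f` cannot parse it. The rules path `pf.conf`, the branch `refs/heads/production` and the `PF_LINT` override are assumptions, as is a git server that is able to run pfctl, which is the open question in the thread.

```shell
#!/bin/sh
# Added example: pre-receive hook that parses a pushed pf ruleset before accepting it.
# Assumed names (not from the thread): pf.conf, refs/heads/production, PF_LINT.
PF_RULES_PATH="${PF_RULES_PATH:-pf.conf}"
PROTECTED_REF="${PROTECTED_REF:-refs/heads/production}"
PF_LINT="${PF_LINT:-pfctl -n -f}"   # -n: parse the rules, do not load them

# check_rules_blob REV: returns 0 if the ruleset at REV parses or is absent.
check_rules_blob() {
    rev="$1"
    tmp="$(mktemp)" || return 2
    # Read the file from the pushed object, not from any working tree.
    if ! git show "$rev:$PF_RULES_PATH" > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 0            # no ruleset in this revision: nothing to lint
    fi
    rc=0
    $PF_LINT "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# check_push: reads "old new ref" lines, as git feeds them to pre-receive.
check_push() {
    status=0
    while read -r old new ref; do
        [ "$ref" = "$PROTECTED_REF" ] || continue      # only gate this branch
        case "$new" in *[!0]*) ;; *) continue ;; esac  # all-zero id: deletion
        if ! check_rules_blob "$new"; then
            echo "rejected: $PF_RULES_PATH at $new does not parse" >&2
            status=1
        fi
    done
    return "$status"
}

# Runs only when installed as hooks/pre-receive; a non-zero exit refuses the push.
case "${0##*/}" in
    pre-receive) check_push || exit 1 ;;
esac
```

This catches parse errors only; whether the ruleset is valid on a specific firewall still has to be tested on that machine.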