I have a slightly elaborate firewall setup where my server usually has between 400 and 800 IP addresses firewalled. It switches back and forth between two different pf tables. Every day it rebuilds the firewall list in the new table and flushes the old one. It does this all via script and it works very well.
But the problem is this ALTQ error. Every time you use pfctl for anything, the first thing it does is output two error lines:
No ALTQ support in kernel
ALTQ related functions disabled
Problem is my script runs pfctl hundreds of times per day. The error log for my script is growing WAY too fast.
Is there any way to suppress these error messages? pfctl does have a -q flag but that's only for ignoring non-error output. Is there a way I can more fully disable ALTQ in the config file so it won't even try to use it?
Note that I don't know what ALTQ is, but I know I don't need it. My firewall works perfectly aside from the log flood.
Best Answer
I am probably missing something, because this does not seem to be a complex question. If you want to screen out these 2 error messages, then enter the command given below.
I omitted any parameters that would normally occur between pfctl and >2. A function could be defined which would simplify the use of this command. One such function implementation is shown below.
Under certain conditions, the above solution could result in the output appearing "out of order". This could be corrected by piping the output through the cat command. In other words, you could use the command given below.
Also the function could be replaced with the one given below.
References
Bash Redirections Cheat Sheet
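The answer's commands did not survive on this page, so the following is an added example, not the answerer's code: a POSIX sh wrapper that drops only the two ALTQ lines quoted in the question from stderr and goes one step further by preserving the command's exit status. All other stderr lines still reach the log, so a failed table update is not hidden. The names pfctl_filtered and fake_pfctl are hypothetical, and the stand-in's output lines are constructed.

```shell
#!/bin/sh
# Added example (not from the answer). pfctl_filtered is a hypothetical name.
# Runs a command, drops only the two ALTQ notices from its stderr, and keeps
# stdout, every other stderr line, and the command's exit status.
pfctl_filtered() {
    {
        _pf_status=$(
            {
                {
                    _rc=0
                    # stderr -> pipe to grep, stdout -> fd 3 (caller's stdout)
                    "$@" 2>&1 1>&3 3>&- 4>&- || _rc=$?
                    # report the exit status on fd 4 (the command substitution)
                    echo "$_rc" >&4
                } | {
                    # exact, fixed-string match on the two notices only;
                    # "|| :" because grep exits 1 when nothing is left over
                    grep -v -x -F \
                        -e 'No ALTQ support in kernel' \
                        -e 'ALTQ related functions disabled' >&2 || :
                } 4>&-
            } 4>&1
        )
    } 3>&1
    return "$_pf_status"
}

# Constructed stand-in for pfctl so the wrapper can be checked offline:
# two ALTQ notices, one other error line, one stdout line, exit status 3.
fake_pfctl() {
    echo 'No ALTQ support in kernel' >&2
    echo 'ALTQ related functions disabled' >&2
    echo 'constructed: some other pfctl error' >&2
    echo 'constructed: normal output'
    return 3
}

# Usage in the rebuild script: pfctl_filtered pfctl -q <your usual arguments>
```

Because the match is on whole lines, a real error that merely mentions ALTQ is not filtered out.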