Thanks to all for the comments on this issue. Although several people have come up with alternative approaches, I still feel very much that the basic situation remains that pf is 'open' until something happens to close the firewall; and that while there won't /normally/ be a problem, nevertheless under fault conditions pf could potentially not be started up correctly, and could leave a system unnecessarily vulnerable.
I accept that this may not be an issue for some; for my own part, although I would /very/ much like to use the extra flexibility pf offers compared with the alternatives, nevertheless, I view this startup issue as a fundamental and fatal flaw. I shall certainly keep an eye on pf development, but for the present will continue to use ipf.

--
various incoming sites blocked because of spam; see http://www.scottsonline.org.uk for a list and openpgp crypto key
(key fingerprint 2ACC 9F21 5103 F68C 7C32 9EA8 C949 81E1 31C9 1364)
[EMAIL PROTECTED]
Mike Scott, Harlow, Essex, England