> Hansteen, Peter N.M., "The Book of PF," San Francisco, No Starch Press,
> 2008. See pg 23. "... you can use domain names and host names in your rule
> set, but then the rule set would only be valid after the name service is
> running and accessible. In the default configuration, PF is loaded before
> any network services are running... [to do so] you will need to change the
> system's startup sequence ... to load the name service-dependent rule-set
> only after the name service is available."

Not quite accurate.

In reality, 'name service' includes /etc/hosts, as long as the resolv.conf
file (if it exists, which is very likely) does not have a completely silly
lookup ordering (i.e. keep "file" at the start of the list).

In that case, using host names before named/others are started is OK.  I
mention the "lookup" ordering not just so that the lookup can succeed, but
so that it gets the same result early in boot and later (for instance,
if you reload your rules).

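The check described in the reply above, as an added example that is not part of the original message: a shell sketch that verifies the resolv.conf lookup order starts with "file" and that each host name used in a rule set has an /etc/hosts entry. The function names, sample files and host names are constructed for illustration, and the defaults for a missing file or missing "lookup" line are assumed from OpenBSD's resolv.conf(5).

```shell
#!/bin/sh
# Added example. Paths are parameters so the checks can run against copies.

# lookup_file_first RESOLV_CONF: succeed if "file" is consulted first.
# Assumed from OpenBSD resolv.conf(5): no resolv.conf means only "file" is
# used; no "lookup" line means the default order "bind file".
lookup_file_first() {
    [ -f "$1" ] || return 0
    awk 'BEGIN { first = "bind" }
         $1 == "lookup" { first = $2 }
         END { if (first == "file") exit 0; exit 1 }' "$1"
}

# host_in_hosts HOSTS_FILE NAME: succeed if NAME is a host name or alias
# on a non-comment line of the hosts file.
host_in_hosts() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# check_pf_names RESOLV_CONF HOSTS_FILE NAME...: report every name that
# could resolve differently (or not at all) before the name service is up.
check_pf_names() {
    resolv=$1; hosts=$2; shift 2
    rc=0
    if ! lookup_file_first "$resolv"; then
        echo "$resolv: lookup order does not start with file" >&2
        rc=1
    fi
    for n in "$@"; do
        if ! host_in_hosts "$hosts" "$n"; then
            echo "$n: not in $hosts, unresolvable early in boot" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (documentation addresses, hypothetical names).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'lookup file bind\nnameserver 192.0.2.53\n' > "$demo/resolv.good"
printf 'lookup bind file\nnameserver 192.0.2.53\n' > "$demo/resolv.bad"
printf '127.0.0.1 localhost\n192.0.2.10 www.example.com www # web\n' > "$demo/hosts"

if check_pf_names "$demo/resolv.good" "$demo/hosts" www.example.com; then
    echo "host names resolve from the hosts file at boot and on reload"
fi
```

On a real system the arguments would be /etc/resolv.conf, /etc/hosts and the host names that appear in pf.conf.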