> On Oct 19, 2015, at 18:26, Karl O. Pinc <[email protected]> wrote:
>
> But if you write DNS names into your pf.conf
> file then step 2 can be eliminated. All
> that's required is to reload the rules.
>
> Eliminating an extra editing step reduces
> error.

Unless of course your DNS is on your LAN and after a major power outage everything is trying to cold boot at once, and now your pf rules won't resolve because no DNS is available. Network services should form a DAG, and your firewall should be near the root of the graph. Of course, so should DNS. Be sure of what you have and that it's deterministic and properly ordered, or you will get bitten in the middle of your vacation (Murphy's Law and all ...).

Devin
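The ordering argument in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it audits a service dependency map for cycles and for a firewall that has to wait on other services. The service names and the three dependency maps are constructed assumptions.

```python
from graphlib import TopologicalSorter, CycleError

# Constructed maps (hypothetical names): service -> services that must be up first.
# pf.conf uses IP addresses only, so loading the ruleset needs nothing else.
ADDRESSES_IN_PF = {"pf": set(), "network": {"pf"}, "dns": {"pf", "network"}}
# pf.conf uses DNS names, and the resolver is another host on the LAN.
HOSTNAMES_IN_PF = {"network": set(), "dns": {"network"}, "pf": {"dns"}}
# pf.conf uses DNS names, and DNS traffic itself has to pass the firewall.
CYCLIC = {"pf": {"dns"}, "dns": {"pf"}}


def audit(deps, firewall="pf"):
    """Return (ok, reason) for a dependency map.

    ok is True only when the map is a DAG and the firewall has no
    prerequisites, i.e. it sits at the root of the boot order.
    """
    try:
        # static_order() raises CycleError if the map is not a DAG.
        order = list(TopologicalSorter(deps).static_order())
    except CycleError as exc:
        # exc.args[1] is the list of nodes forming the cycle.
        return False, "cycle: " + " -> ".join(exc.args[1])
    waits_on = sorted(deps.get(firewall, ()))
    if waits_on:
        # The ruleset cannot load until these are reachable, which is the
        # cold-boot failure described in the reply.
        return False, f"{firewall} waits on: {', '.join(waits_on)}"
    return True, f"{firewall} has no prerequisites; boot order: {', '.join(order)}"


if __name__ == "__main__":
    for name, deps in [("addresses", ADDRESSES_IN_PF),
                       ("hostnames", HOSTNAMES_IN_PF),
                       ("cyclic", CYCLIC)]:
        print(name, audit(deps))
```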

