On Tue, Mar 5, 2024 at 12:24 PM Markus Wernig <liste...@wernig.net> wrote:
> When I reload the pf ruleset with pfctl, the number in the pid field > changes. So my assumption is that it is the pid of the pfctl process > that inserted the rule. Is that correct? > I believe you are correct. while running tcpdump in another window, I tested this for myself by running: # pfctl -f /etc/pf.conf & [1] 27982 The pid shown in the tcpdump output immediately changed from its previous value to 27982. I assume that this feature is most useful when specific rules are updated via anchors, e.g. for ftp-proxy. -ken
