On 2007/08/07 15:46, Austin Murphy wrote:
> If I made a new file with just the new rules and loaded it with
> something like "pfctl -f two.pf.rules.conf", would all the existing
> filter rules be dropped and would only the two new rules be in effect?

Yes.

> Let's say I updated the existing config file, /etc/pf.conf, with my
> new rules. What would happen if I ran "pfctl -f /etc/pf.conf"?

This would do what you want.

> Would the existing state table be flushed?

No. You'd need a -F <something> to flush things.

> Would there be a point in this time frame where there were no
> filter rules loaded and packets would get dropped?

No.

