On Tue, 7 Aug 2007 18:31:53 -0500, Mike Piety wrote:
>On Tue, 7 Aug 2007 15:46:41 -0400
>"Austin Murphy" <[EMAIL PROTECTED]> wrote:
>
>> I inherited a "transparent" bridging firewall running
>> OpenBSD 3.8 and pf. I would like to add two new filter
>> rules without disrupting the current network traffic. The
>> pfctl man page did not seem to indicate a way to load a
>> single filter rule to a running configuration.
>>
>> If I made a new file with just the new rules and loaded
>> it with something like "pfctl -f two.pf.rules.conf", would
>> all the existing filter rules be dropped and would only the
>> two new rules be in effect?
>>
>> Let's say I updated the existing config file, /etc/pf.conf,
>> with my new rules. What would happen if I ran "pfctl
>> -f /etc/pf.conf"?
>>
>I'd suggest "pfctl -n -f /etc/pf.conf"

Lazy me likes to be safe and does:

# pfctl -f /etc/pf.conf -n

and if it has no error output:

<up arrow><backspace><backspace><enter>

loads the rules.

>
>> Would the existing state table be flushed? Would there be
>> a point in this time frame where there were no filter rules
>> loaded and packets would get dropped?
>>
>> Thanks,
>>
>> Austin
>

Rod/
From the land "down under": Australia.
Do we look <umop apisdn> from up over?
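
The check-then-load habit described in the reply above, written as a shell function so the load step can only run after a clean parse. This is an added example, not part of the original thread; the function name pf_safe_reload and the PFCTL override variable are assumptions made here so it can be exercised against a stub.

```shell
#!/bin/sh
# Added example (not from the thread): parse-check a pf ruleset with
# "pfctl -n -f", and load it with "pfctl -f" only if the check exits 0.
# PFCTL is a hypothetical override so a stub can stand in for pfctl.

pf_safe_reload() {
    conf="${1:-/etc/pf.conf}"
    pfctl_bin="${PFCTL:-pfctl}"

    # Refuse early if the file is missing or unreadable.
    if [ ! -r "$conf" ]; then
        echo "pf_safe_reload: cannot read $conf" >&2
        return 2
    fi

    # -n: parse the file only; nothing is loaded.
    if ! "$pfctl_bin" -n -f "$conf"; then
        echo "pf_safe_reload: $conf failed the parse check, not loading" >&2
        return 1
    fi

    # Only reached when the dry run exited 0.
    if ! "$pfctl_bin" -f "$conf"; then
        echo "pf_safe_reload: load of $conf failed" >&2
        return 3
    fi

    echo "pf_safe_reload: loaded $conf"
}
```

Source the file and run pf_safe_reload /etc/pf.conf as root; a non-zero return means the load was skipped or did not complete.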

