* J.C. Roberts <list-...@designtools.org> [2009-03-09 10:06]:
> On Sun, 8 Mar 2009 16:01:57 -0700 Hilco Wijbenga
> <hilco.wijbe...@gmail.com> wrote:
>
> > I have pf running on my firewall box and I'm experiencing some strange
> > behaviour. After several hours (this may even be 24 hours) of
> > functioning normally, pf seems to reload its default rules which means
> > that from that point on all traffic is blocked. A simple "pfctl -f
> > /etc/pf.conf" fixes the problem but it is very annoying.
>
> ummm... no. Think about it for a moment. The default rules *are* stored
> in /etc/pf.conf

debatable, there is a default ruleset in /etc/rc loaded early before
the real pf.conf is loaded. but unless someone manually runs rc there
is no way that could be loaded.
technically, the default ruleset is "pass", everything else has to be
sent to the kernel by pfctl.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam