2010/3/15 Toni Mueller <[email protected]> > > Hi, > > On Mon, 15.03.2010 at 12:22:35 +0100, matteo filippetto < > [email protected]> wrote: > > for me it works good ... just don't use -R option > > > > http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502 > > thanks for this link. > > Not using "-R" is not too good, either, as on this particular box, > reloading everything results in a severance of all existing > connections. A clarification in the docs is imho the way to go. My > 'nroff' is almost nonexistant, but here's a diff: > > > --- pfctl.8.orig Wed Jun 11 09:23:36 2008 > +++ pfctl.8 Mon Mar 15 12:53:04 2010 > @@ -354,7 +354,9 @@ > Only print errors and warnings. > .It Fl R > Load only the filter rules present in the rule file. > -Other rules and options are ignored. > +Other rules and options are ignored. If you are using > +tables, you need to also specify one of "-T load" or > +"-o none". > .It Fl r > Perform reverse DNS lookups on states when displaying them. > .It Fl s Ar modifier > > > Kind regards, > --Toni++ >
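Review bot: in the `.It Fl R` item, the added text names the flags as quoted literals ("-T load", "-o none") and starts its sentence on the same source line as "Other rules and options are ignored.", whereas the surrounding items mark flags up with macros (`.It Fl r`, `.It Fl s Ar modifier`). I would put the new sentence on its own line and mark the two options up with `.Fl` so they render like every other flag in the page. The wording also tells the reader what to add but not what goes wrong without it or how to choose between the two alternatives; one clause giving the reason would make the note usable without the mailing-list context. The diff is taken against a `pfctl.8.orig` dated Jun 11 2008, so it should be regenerated against the current source before it is submitted.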
Hi Toni,

I find this

"Starting in OpenBSD 4.2, the default is basic. See pf.conf(5) <http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+4.6> for a more complete description."

on the FAQ (http://www.openbsd.org/faq/pf/options.html) and also in the man pages
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+4.6

Best regards
--
Matteo Filippetto

