On Mon, Jul 11, 2005 at 03:48:29PM +0300, Nikolay Kalev wrote:

> You should use pfctl -Fa -f /etc/pf.conf to flush everything including
> set parameters !!!
> not all of the set parameters are flushable through pfctl -F rules command.

Actually, the -F is superfluous (and possibly harmful) when combined with -f.

And -f should clear all interface flags before loading the new ruleset (which may or may not contain new 'set skip on' parameters). Using -Fa would have cleared the flags, too, but it would also have flushed all state entries etc.

In short, pfctl -f /etc/pf.conf should pretty much reset all rules, parameters and other flags, and make pf behave in exactly the same way as if you'd have rebooted instead (minus state entries and counters). It's not perfectly implemented, but that's the goal at least :)

Daniel
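
The reload described in the reply above, as an added shell example that is not part of the original message: it syntax-checks the ruleset with `pfctl -n`, loads it with a plain `-f` (no `-F`), and reports the state count before and after so the surviving state table is visible. The function names `pf_reload` and `count_states` are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# pf_reload and count_states are hypothetical helper names.

# Number of entries currently in the state table.
# "pfctl -ss" prints one line per state.
count_states() {
    pfctl -ss 2>/dev/null | wc -l | tr -d ' '
}

# Reload a ruleset without touching existing states.
#   $1 = path to the ruleset, e.g. /etc/pf.conf
# Returns 1 if the file does not parse, 2 if the load fails.
pf_reload() {
    conf=$1

    # -n parses the file without loading it, so a broken ruleset
    # never replaces the running one.
    if ! pfctl -nf "$conf"; then
        echo "pf_reload: syntax check failed for $conf" >&2
        return 1
    fi

    before=$(count_states)

    # Plain -f: rules, set parameters and interface flags are
    # reloaded. No -F here; -Fa would also flush every state entry
    # and cut established connections.
    if ! pfctl -f "$conf"; then
        echo "pf_reload: load failed for $conf" >&2
        return 2
    fi

    after=$(count_states)
    echo "states before=$before after=$after"
}

# Usage (as root): pf_reload /etc/pf.conf
```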
