On 16/01/2016 5:52 PM, Theo de Raadt wrote:
I use the following script to reload pf rules. It allows me to check
that what I wrote was interpreted as I intended:
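#!/bin/sh
# Re-run under sudo when not already root.
test "$(id -u)" -eq 0 || exec sudo -- "$0" "$@"
# Save the currently loaded ruleset before reloading.
# mktemp needs trailing X characters in its template.
old=$(mktemp /tmp/pf-reload.XXXXXXXXXX) || exit
trap 'rm -f "$old"' EXIT
pfctl -sr > "$old" || exit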
pfctl -f /etc/pf.conf;
I've been using pf for years and really like it. I accidentally discovered
some undesirable behavior from the rule parser that caused some rules to be
skipped. This has happened to me twice and there was much hair pulling.
The short version is rules starting with # but ending in \ get treated
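
A lint for the behaviour reported in this thread, added here as an example and not written by any poster or taken from OpenBSD. It assumes that a # line ending in \ continues onto the next line, and it reports the non-comment lines such a comment would absorb. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag pf.conf lines swallowed by a comment that ends in '\'.
# Assumption: a '#' line ending in '\' continues onto the following line,
# so that following line is never parsed as a rule.

# pf_swallowed [FILE]
# Reads FILE (or stdin) and prints "LINENO: text" for every line that is
# not itself a comment or blank but falls inside a continued comment.
pf_swallowed() {
    awk '
        {
            if (in_comment && $0 !~ /^[ \t]*(#|$)/) {
                # Looks like a live rule, but belongs to the comment above.
                printf "%d: %s\n", NR, $0
            }
            starts = ($0 ~ /^[ \t]*#/)   # line opens a comment
            cont   = ($0 ~ /\\$/)        # line ends in a backslash
            # The comment carries on only while each line ends in "\".
            in_comment = (in_comment || starts) && cont
        }
    ' "${1:--}"
}

# Constructed sample ruleset (not from the thread). Lines 2 and 6 look
# active but sit directly under a comment line that ends in a backslash.
pf_swallowed_demo() {
    pf_swallowed <<'EOF'
# allow ssh from mgmt \
pass in proto tcp to port 22
block in all
#pass in proto udp \
#    to port 53 \
pass out all
EOF
}

pf_swallowed_demo
```

Run pf_swallowed against /etc/pf.conf before pfctl -f /etc/pf.conf; any line it prints deserves a second look. It only checks lines that begin with #, which is the case described above.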