Hello,
</snip>
> >
> > So how do people feel about changing '-Fa' to kill all rules and tables, not
> > just those which are attached to the main ruleset (root)?
> >
> > thanks and
> > regards
> > sashan
> >
>
> IMHO this is a needed feature, but I agree with your hesitation about
> using -Fa. This would be convenient to type, but the current documentation
> for pfctl -a says:
>
> "In addition to the main ruleset, pfctl can load and manipulate
> additional rulesets by name, called anchors. The main ruleset is the
> default anchor."
>
> The wording is slightly awkward but I read this as saying the current
> behaviour is intended.
>
> There's an obvious alternative user interface for this. Currently
> -a '*' is only described in conjunction with -s, but it would feel
> natural to allow this to be used with -F as well, e.g.
>
> # pfctl -a '*' -Fa
>
I like this idea of interpreting the "-a '*'" option in conjunction with '-F...'
in the same way we already do it for "-s".
I also like tedu's idea to introduce a '-Freset'. I'll try to cook up some
diffs. One diff will deal with "-a '*' -F..." the other will bring
'-Freset'.
thanks and
regards
sashan
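The behaviour discussed above ("-a '*' -Fa" flushing the main ruleset and every anchor below it) can be approximated today with the per-anchor options pfctl already has: "-a NAME -s Anchors" to list the anchors directly below NAME and "-a NAME -F all" to flush one anchor. The script below is an added example for illustration, not sashan's diff or any code from the thread; it assumes that "-sA" prints one anchor per line, as either a bare name or a full "parent/child" path, and that a PFCTL environment variable may point at a wrapper or stub for dry runs.

```shell
#!/bin/sh
# Added example (not part of the thread): flush an anchor tree depth-first
# using only the pfctl interface that exists today. Children are flushed
# before their parent. PFCTL defaults to pfctl but may name a stub or wrapper.
PFCTL="${PFCTL:-pfctl}"

# list_children ANCHOR: anchors directly below ANCHOR ("" = main ruleset).
list_children() {
    if [ -z "$1" ]; then
        "$PFCTL" -sA
    else
        "$PFCTL" -a "$1" -sA
    fi
}

# flush_one ANCHOR: flush rules, tables, etc. of one anchor ("" = main ruleset).
flush_one() {
    if [ -z "$1" ]; then
        "$PFCTL" -Fa
    else
        "$PFCTL" -a "$1" -Fa
    fi
}

# flush_tree ANCHOR: depth-first flush of ANCHOR and everything below it.
# Assumption: "-sA" prints one anchor per line, either as a bare name or as
# the full "parent/child" path; both forms are normalised to the full path.
flush_tree() {
    list_children "$1" | while read -r child; do
        [ -n "$child" ] || continue
        case "$child" in
            */*) ;;                                   # already a full path
            *) if [ -n "$1" ]; then child="$1/$child"; fi ;;
        esac
        flush_tree "$child"
    done
    flush_one "$1"
}

# Usage on a pf host (as root):
#   flush_tree ""    # main ruleset and every anchor below it
#   flush_tree foo   # only the subtree rooted at anchor "foo"
```

Flushing the children first matters: once a parent anchor's rules are gone, nothing references the child anchors, and flushing them afterwards would otherwise rely on pfctl still being able to address them by path. The `read -r` without `IFS=` deliberately strips the leading spaces pfctl puts in front of each anchor name.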