On Tue, 23 Aug 2005 16:53:25 -0600, Theo de Raadt wrote:
> You're wrong. Everyone -- run pf wherever you find it easier.

Followed this discussion with interest. I'm doing the same thing (running pf) on my single-ended boxes; I actually asked myself why all of this is not part of the base install. It would make my life easier, with pf turned on instead of me turning it on, and a default pf.conf that opens 22 only, and only in case I had decided to run sshd during install. With the macros in PF it is much, much easier to simply add service identifiers if I wanted more.

And pfstat being in the base as well! It would simplify my installs even more: vi /etc/pf.conf, add / remove services there. Over. Browse newbox.mydomain.com/usage/pfstat.png (because I'd add httpd-flags, and http in pf.conf), and I'd know what is going on two minutes after reboot. Plus, I'd feel even safer out of the box.

Uwe