On 2011-05-08, Chris Smith <obsd_m...@chrissmith.org> wrote: > After an update to -current yesterday Internet access was lost as > pf.conf could not be loaded. The error message was: > pfctl: DIOCADDRULE: Operation not supported by device
Address translation would break but you should still be able to get into the machine. > This error occurred after upgrading the kernel and then rebooting. > After userland was brought up to date as well and the system rebooted > everything was fine. The system in question was local so outside of > being offline for the amount of time it took to build userland there > wasn't a lot to worry about. What I'm concerned with is this being an > issue on a remote system where not being able to get back in after > rebooting with just an updated kernel would (if it happened) be a > serious issue. I would *very strongly* recommend out of band management of some sort for any important remote machine. Whether it's serial console, KVM/IP, or a remote management card (one with dedicated nic; there are good reasons why openbsd doesn't support the shared nic cards). If you skip this, it's more important than usual to the same upgrade path on the same type of machine locally first. There's usually no problem, but sometimes you get unlucky with various code changes.
