> > (For sake of the argument: pfctl has options, maybe they should be a > > rc.conf option for it?) > > pfctl is not a daemon per se, as opposed to e.g. smtpd or httpd. > > As far as enabling pf and loading the ruleset, only a subset of the > pfctl flags are of interest. > > Therefore, there is $pf_rules, which is passed with -f to pfctl. Not > sure what other options would be of use. > > There are a few other special cases, such as $spamd_black, which could > just as well have been configured in $spamd_flags, if it wasn't also > used to determine whether we should also start spamlogd or not.
The support for options to pfctl was removed intentionally. If you want to control what pf is doing, do it in the config file. We removed pfctl options to force that. It is good practice that pf works the same if you forget to pass stupid options to it.
