On Fri, 11 Nov 2005, Daniel Hartmeier wrote:

> I'm pretty sure your theory is correct. You can query the list of
> interfaces with pfctl -vsI, which prints '(skip)' on those that are
> currently being skipped.

ah, yes, thank you. i did check, and yes, it's the skip flag that gets cleared.

> Reloading the ruleset does (and should) clear the 'set skip' set, as we
> agreed that there should be no (or as little as possible) state in the
> kernel that persists across ruleset reloads. Other options are similarly
> cleared on reload (and then re-instated, if you reload a ruleset similar
> to the old one). So loading an empty ruleset should clear all such
> options.
>
> Now, if the ruleset doesn't exist at all (I assume you didn't have a
> file called 'all' lying in the cwd when running pfctl -f all), I guess
> nothing should happen except for the error message. I'll check about
> that.
>
> Or what would you prefer instead?

exactly that. unless there's some master idea i'm not aware of (or can't think of), that seems to be the most reasonable behavior, no?

-- 
[-] mkdir /nonexistent
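
A check for the behaviour discussed in this thread, added here as an example and not part of either message: it reads `pfctl -vsI` output and reports interfaces that were expected to carry the '(skip)' flag but no longer do after a reload. The function names, the sample output and the assumed line layout (interface name in column one, followed by `(skip)`) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: detect interfaces that lost their 'set skip' flag.

# skipped_ifaces: stdin = output of `pfctl -vsI`.
# Prints the names of interfaces flagged "(skip)", sorted, one per line.
# Assumption: interface lines start in column one as "<name> (skip)";
# any indented detail lines are ignored.
skipped_ifaces() {
    awk '/^[^ \t]/ && $2 == "(skip)" { print $1 }' | sort
}

# missing_skips EXPECTED: stdin = output of `pfctl -vsI`,
# EXPECTED = space-separated interfaces the ruleset should skip.
# Prints each expected interface that is not flagged; returns 1 if any.
missing_skips() {
    expected=$1
    current=$(skipped_ifaces)
    rc=0
    for ifn in $expected; do
        if ! printf '%s\n' "$current" | grep -qxF -- "$ifn"; then
            printf '%s\n' "$ifn"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output (not captured from a real system):
# before the reload lo0 is skipped, afterwards the flag is gone.
sample_before() { printf 'lo0 (skip)\n\tdetail (skip)\nem0\n'; }
sample_after()  { printf 'lo0\n\tdetail\nem0\n'; }

# On a live system, after reloading the ruleset:
#   pfctl -vsI | missing_skips "lo0" || echo "skip set changed" >&2
```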