On Wed, Dec 21, 2005 at 03:13:10PM +0100, Peter N. M. Hansteen wrote:
> Joachim Schipper <[EMAIL PROTECTED]> writes:
>
> > pfctl -n? It should catch, at least, typos.
>
> I had the impression ed was looking for something to do about those the
> typos which do not produce a syntax error, just silly rules.
>
> pfctl -s [mumble] supplemented with -g and -v should help. Creative use
> of logging in the rules you are editing along with tcpdump magic should
> be useful too.

I like to macro pretty much every variable that is used in more than one
place (i.e., hostnames, ports, etc; hostnames are especially likely to
be re-re-re-...-used). If you choose good names, it can make stuff
easier to understand; and typos tend to be far more disastrous (either
giving syntax errors or breaking a large part of the configuration),
which is a good thing as you can then fix it immediately.

Of course, not a diagnostic tool - but it works, to some extent.

		Joachim
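
Added example (not part of the original message): a small Python check in the spirit of the advice above. It flags `$macro` references with no earlier definition, which is the kind of typo pfctl rejects, and literal IPv4 addresses repeated across rules, which are candidates for a macro. The ruleset, macro names and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample ruleset (not from the original message).
# Line 6 misspells $ext_if; 192.0.2.20 is typed out twice as a literal.
SAMPLE = '''\
ext_if = "em0"
web = "192.0.2.10"
pass in on $ext_if proto tcp to $web port 80
pass in on $ext_if proto tcp to 192.0.2.20 port 22
pass out on $ext_if proto tcp from 192.0.2.20 to any
pass in on $ext_fi proto tcp to $web port 443
'''

MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+)$')
MACRO_REF = re.compile(r'\$([A-Za-z_]\w*)')
IPV4 = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b')


def lint(text):
    """Return (undefined_refs, repeated_literals) for a pf.conf-style text.

    undefined_refs: (line_number, name) for each $name used before any
    definition; pf expands macros at parse time, so order matters.
    repeated_literals: IPv4 literals appearing more than once in rules.
    """
    defined, undefined, literals = set(), [], Counter()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0]          # drop trailing comments
        m = MACRO_DEF.match(line)
        body = m.group(2) if m else line     # a macro value may use macros
        for ref in MACRO_REF.findall(body):
            if ref not in defined:
                undefined.append((lineno, ref))
        if m:
            defined.add(m.group(1))
        else:
            literals.update(IPV4.findall(line))
    repeated = sorted(a for a, count in literals.items() if count > 1)
    return undefined, repeated


if __name__ == "__main__":
    undefined, repeated = lint(SAMPLE)
    for lineno, name in undefined:
        print(f"line {lineno}: macro '{name}' not defined")
    for addr in repeated:
        print(f"literal {addr} used more than once; consider a macro")
```

A mistyped literal address would pass this check and a syntax check alike, which is the case for putting the address behind a macro in the first place.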