Olivier Mehani wrote: > On Mon, Jan 09, 2006 at 08:37:04PM +0100, Otto Moerbeek wrote: >>> adsl: >>> ! sh -c "/sbin/ifconfig pflog0 up" > > As far as I remember, it's not necessary to ifconfig pflog0 up to use it. > >> Why enable pf only when the link is up? It's non-standard and >> potentially dangarous. You're better of using the standard way of >> enabling pf. > > However non standard, I don't clearly see the potential danger in this. Can > you > elaborate ?
I think the philosophy is that if you have pf running all the time then there are a lot less things to go wrong. It starts at boot time and that is it. Russell
