On 05/03/17 22:16, Luke Small wrote:
> Is it worthwhile to set up a hook for pf to load rules that have URLs after
> the network services that can resolve them come into effect?

This sounds like you have a pf.conf that contains host names, and for some reason you are not sure that those names will resolve immediately when the ruleset loads. Do you have a real or plausibly constructed setup where there is a risk of this happening, and if so would you be able to share enough details that it will make sense to others?

The reason I ask is that some close cousins of this question have tended to come up at my tutorial sessions, but the valid and workable solution always seems to be 'put those things in your /etc/hosts then'.

I'm interested in hearing about setups that actually require something to loop on trying to resolve a specific set of names before loading the 'production' ruleset.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.