On Wed, Apr 11, 2007 at 02:44:10PM -0400, Jeff Quast wrote:
> On 4/11/07, christian johansson <[EMAIL PROTECTED]> wrote:
> >feature in shorewall - safe restart.
> >
> >Is there a ready made script accomplishing this for openbsd / pf? Or any
> >plans of building such functionality?
>
> I've done this with pf. I used at(1) like anybody would. You can load
> a new rule using pfctl -f /etc/pf.conf/new, with an at(1) job to load
> /etc/pf.conf at 60 seconds. If you want some fancy prompt, wrap it
> with /bin/sh.
>
> Personally I'd hate to see this as an actual 'feature' anywhere. If
> everything this trivial was implemented into pfctl I would stop
> reading manuals top to bottom. You should look at the command prompt
> like a live programming environment. I recommend reading "The UNIX
> Programming Environment" by Brian W. Kernighan and Rob Pike.

Once you have a working ruleset, most changes shouldn't be enough to affect YOUR connectivity to the firewall. After running $EDITOR to change your ruleset, run 'pfctl -nvf /etc/pf.conf' to make sure the output matches your expectations before running 'pfctl -f /etc/pf.conf'.

-ME
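
The procedure discussed in this thread (parse the candidate with pfctl -n, load it, and let an at(1) job put the known-good rules back unless you confirm), as an added sketch that is not from either poster. The candidate path /etc/pf.conf.new, the flag file and the function names are assumptions.

```sh
#!/bin/sh
# Added example. Assumed names: /etc/pf.conf.new, the flag file, both functions.
PFCTL=${PFCTL:-pfctl}                     # overridable so the logic can be tested
AT=${AT:-at}
GOOD=${GOOD:-/etc/pf.conf}                # known-good ruleset to fall back to
FLAG=${FLAG:-/var/run/pf-reload.ok}       # its presence disarms the rollback

# safe_reload CANDIDATE
# 0 = candidate loaded, rollback armed; 1 = candidate does not parse;
# 2 = rollback could not be scheduled; 3 = load failed.
# On 1 and 2 the running ruleset has not been touched.
safe_reload() {
    new=$1
    # Parse only (-n), so a syntax error never reaches the live ruleset.
    "$PFCTL" -nf "$new" || return 1
    # Arm the rollback before loading. The job reloads the known-good
    # rules unless the flag exists by then. Paths must not contain "'".
    rm -f "$FLAG"
    echo "[ -e '$FLAG' ] || $PFCTL -f '$GOOD'" | "$AT" now + 1 minute || return 2
    "$PFCTL" -f "$new" || return 3
}

# confirm_reload: call once you have verified you can still reach the box.
confirm_reload() { : > "$FLAG"; }

if [ "${1:-}" = "--apply" ]; then
    safe_reload "${2:-/etc/pf.conf.new}" || exit $?
    printf 'New rules are live. Type "yes" within a minute to keep them: '
    read -r answer
    if [ "$answer" = yes ]; then confirm_reload; echo 'Kept.'; fi
fi
```

Answer the prompt from a fresh connection's point of view: if the new rules cut you off, you cannot type "yes" and the at(1) job restores the old ruleset. A "yes" typed after the job has already fired does not bring the new rules back.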