> On Mar 5, 2016, at 9:00 AM, Robert Chalmers <rob...@chalmers.com.au> wrote: > > Jim, yes. > I went for the line of least resistance, a plist file to enable pf at boot > time. > The system has a pfctl.plist that loads pf.conf, but there is no automatic > way to then enable pf - which seems very odd. > > So you have pfctl -f /etc/pf.conf loaded at boot-time, but the packet filter, > pf, isn’t also enabled. So I rolled my own to enable it. > > Turning on the Firewall, which I have on by default on mine, makes no > difference to the state of pf. Which is disabled by default. > > anyway, it’s running now, and I’ll try a reboot later to see if it ‘enables’ > - I may have to time it so it enables after the pfctl loads the conf. > > cheers
Robert, I find IceFloor to be a helpful frontend for pf. <http://www.hanynet.com/icefloor/index.html> -Terry Terry Barnum digital OutPost Carlsbad, CA http://www.dop.com 800/464-6434