Hi,
On Wed, 17.03.2010 at 16:24:42 +0100, Henning Brauer
wrote:
> -A, -O, -R are bullshit and I'll happily remove them. soon.
that's ok with me. I thought that changing the docs was the
less-intrusive thing to do, and I have no experience with ipf, so that
certainly wasn't on my mind.
TIA!
--
* Toni Mueller [2010-03-15 10:52]:
> I've just run into the following problem on a 4.6 box:
>
> /etc/pf.conf (excerpt):
>
>
> table const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
> block out on $extif from
>
>
> # /sbin/pfctl -F rules -R -f pf.co
* Toni Mueller [2010-03-15 12:59]:
> Not using "-R" is not too good, either, as on this particular box,
> reloading everything results in a severance of all existing
> connections.
I don't believe you.
pfctl -f /etc/pf.conf
doesn't do that.
ok, shouldn't, but I don't see where that could break.
2010/3/16 Toni Mueller
> Hi,
>
> On Tue, 16.03.2010 at 07:37:42 +0001, Jason McIntyre
> wrote:
> > On Mon, Mar 15, 2010 at 10:35:23PM +0100, Toni Mueller wrote:
> > > An optimizer (or any other such device) which is on by default and
> > > claims to not change semantics, should imho be transpare
Hi,
On Tue, 16.03.2010 at 07:37:42 +0001, Jason McIntyre wrote:
> On Mon, Mar 15, 2010 at 10:35:23PM +0100, Toni Mueller wrote:
> > An optimizer (or any other such device) which is on by default and
> > claims to not change semantics, should imho be transparent to the user,
> > but this one isn't
On Mon, Mar 15, 2010 at 10:35:23PM +0100, Toni Mueller wrote:
> Hi,
>
> On Mon, 15.03.2010 at 13:04:04 +, Jason McIntyre
> wrote:
> > doesn;t "Other rules and options are ignored." already cover this?
>
> may be. But then, you are possibly only too deeply entrenched in this
> stuff to "see"
Hi,
On Mon, 15.03.2010 at 13:04:04 +, Jason McIntyre wrote:
> doesn;t "Other rules and options are ignored." already cover this?
may be. But then, you are possibly only too deeply entrenched in this
stuff to "see" the problem.
> furthermore, since -T has a load command, should we really exp
2010/3/15 Toni Mueller
>
> Hi,
>
> On Mon, 15.03.2010 at 12:22:35 +0100, matteo filippetto <
> matteo.filippe...@gmail.com> wrote:
> > for me it works good ... just don't use -R option
> >
> > http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502
>
> thanks for this link.
>
> Not using "
On Mon, Mar 15, 2010 at 12:54:09PM +0100, Toni Mueller wrote:
>
> Not using "-R" is not too good, either, as on this particular box,
> reloading everything results in a severance of all existing
> connections. A clarification in the docs is imho the way to go. My
> 'nroff' is almost nonexistant, b
Hi,
On Mon, 15.03.2010 at 12:22:35 +0100, matteo filippetto
wrote:
> for me it works good ... just don't use -R option
>
> http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502
thanks for this link.
Not using "-R" is not too good, either, as on this particular box,
reloading everythi
2010/3/15 Toni Mueller
> Hi,
>
> I've just run into the following problem on a 4.6 box:
>
> /etc/pf.conf (excerpt):
>
>
> table const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
> block out on $extif from
>
>
> # /sbin/pfctl -F rules -R -f pf.conf
> r
Hi,
I've just run into the following problem on a 4.6 box:
/etc/pf.conf (excerpt):
table const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
block out on $extif from
# /sbin/pfctl -F rules -R -f pf.conf
rules cleared
pfctl: Must enable table loading f
12 matches
Mail list logo
