On 02.04.2019 12:06, Klemens Nanni wrote:
On Tue, Apr 02, 2019 at 11:28:43AM +0200, Petr Hoffmann wrote:
would make me believe everything mentioned as OPTIONS in pf.conf(5) is about
to be reset. I see e.g. the debug level is reset, but what about the other
stuff like fingerprints, 'skip on' and other options set via the 'set'
command? Maybe the manpage should be more precise here?
Seems fine to me, given that a) some options are not persisted in the
driver but only effective during ruleset parsing and b) stuff like
fingerprints is already flushed separately, see pfctl(8) `-F osfp'.
For me, forcing the user to think what is meant by 'options' is not very
friendly, though I understand the idea behind *some* options being used
only while parsing. Let's assume I'm the smart user who is able to
distinguish them. But then, 'set skip on' is the persistent one, right,
but still not reset, I guess.
Petr
On 02.04.2019 12:06, Klemens Nanni wrote:
On Tue, Apr 02, 2019 at 11:28:43AM +0200, Petr Hoffmann wrote:
would make me believe everything mentioned as OPTIONS in pf.conf(5) is about
to be reset. I see e.g. the debug level is reset, but what about the other
stuff like fingerprints, 'skip on' and other options set via the 'set'
command? Maybe the manpage should be more precise here?
Seems fine to me, given that a) some options are not persisted in the
driver but only effective during ruleset parsing and b) stuff like
fingerprints is already flushed separately, see pfctl(8) `-F osfp'.
