> # cat /etc/authpf/users/cyoub/authpf.rules

quoted text
> external_if = "bge0"

> internal_if = "bge1"

> pass in quick on $external_if from $user_ip to 172.16.0.0/22

> pass in quick on $external_if from $user_ip to 172.16.4.0/22

> pass in quick on $external_if from $user_ip to 172.16.8.0/22 <-- I add this

> after I authenticate.

>

> cyoub    18023  0.0  0.1   488   800 p2  Ss+    3:53PM    0:00.04 -authpf:

> cyoub@10.0.1.41 (authpf)

>

> 1) I authenticate via ssh

> 2) I access my now available IP resources

> 3) My authpf.rules file gets newly updated while I'm logged in

> 4) I cannot access my newly updated IP resources

> 5) I "kill -TERM 18023", or if I "kill -HUP 18023" and kill my session

> 6) I re-authenticate via ssh

> 7) I access my now available IP resources AND my newly updated IP resources

>

> How can I skip #4-6?

	Use the authpf_users table instead of adding rules for this.

in your main ruleset:
table  persist.
pass in quick on $external_if from  to 172.16.0.0/22

pass in quick on $external_if from  to 172.16.4.0/22

pass in quick on $external_if from  to 172.16.8.0/22
then pfctl -f /etc/pf.conf when you add a rule like that
authpf maintains who is in that table
	-Bob