Home » Mailing list archives » openbsd-misc » 2008 » May » 16

Re: pf-nat help (solved)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Henning Brauer <lists-openbsd@...>
To: <misc@...>
Subject: Re: pf-nat help (solved)
Date: Friday, May 16, 2008 - 12:11 pm

* Jesus Sanchez  [2008-05-16 17:45]:


of course not. you disabled pf, then enabled it again. no ruleset

reload.


> I needed to use this instead with my actual config:


that is not the right way either. you disable pf, then load a new

ruleset and enable it again. the whole disable-enable dance it useless

and leaves a timeframe where no firewalling takes place, but traffic

flows. you just do pfctl -f /etc/pf.conf, it does the right thing for

you (load new ruleset, atomically switch to it, ditch old one)


--

Henning Brauer, hb@bsws.de, henning@openbsd.org

BS Web Services, http://bsws.de

Full-Service ISP - Secure Hosting, Mail and DNS Services

Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Re: pf-nat help (solved), Jesus Sanchez, (Fri May 16, 11:39 am)
Re: pf-nat help (solved), Henning Brauer, (Fri May 16, 12:11 pm)
Re: pf-nat help (solved), Jason Dixon, (Fri May 16, 11:49 am)