PF reload

jush · 05-07-2013, 05:05 AM

Hi all
Is it necessary to reload PF after each change done by pfcl?

Thanks

rocket357 · 05-08-2013, 10:18 AM

I think there's a bit of confusion going on here. The general workflow is:

1) Edit /etc/pf.conf
2) Update the running config: pfctl -f /etc/pf.conf

What do you mean by "reload"? pfctl -f? If that's it, yes, you should reload after editing /etc/pf.conf to your liking.

jush · 05-09-2013, 12:56 AM

Suppose that I change pf.conf using pfctl. e.g.

Code:

echo "pass in proto tcp from x.y.z.w to any port 22" | pfctl -a ANCHOR_NAME -f -

Is it necessary to do

Code:

pfctl -f /etc/pf.conf

? or something like that to apply the changes?

rocket357 · 05-09-2013, 08:53 AM

Magic 8 ball says:

Quote:

# pfctl -s Anchors
test
# pfctl -a test -sr
#
# echo "pass" | pfctl -a test -f -
# pfctl -a test -sr
pass all flags S/SA

"It does not appear so"

Minor nit: 'echo "pass" > pfctl -a ANCHOR -f -' does NOT modify /etc/pf.conf in any way. pf != iptables.