jush 05-07-2013 05:05 AM

PF reload
Hi all
Is it necessary to reload PF after each change done by pfctl?


rocket357 05-08-2013 10:18 AM

I think there's a bit of confusion going on here. The general workflow is:

1) Edit /etc/pf.conf
2) Update the running config: pfctl -f /etc/pf.conf

What do you mean by "reload"? pfctl -f? If that's it, yes, you should reload after editing /etc/pf.conf to your liking.

jush 05-09-2013 12:56 AM

Suppose that I change pf.conf using pfctl. e.g.

echo "pass in proto tcp from x.y.z.w to any port 22" | pfctl -a ANCHOR_NAME -f -
Is it necessary to do

pfctl -f /etc/pf.conf
? or something like that to apply the changes?

rocket357 05-09-2013 08:53 AM

Magic 8 ball says:


# pfctl -s Anchors
# pfctl -a test -sr
# echo "pass" | pfctl -a test -f -
# pfctl -a test -sr
pass all flags S/SA
"It does not appear so"

Minor nit: 'echo "pass" | pfctl -a ANCHOR -f -' does NOT modify /etc/pf.conf in any way. pf != iptables.

