hi, i just observed a strange phenomenon, which, if it's intended behavior, i could not really find it documented anywhere (or failed to understand the doc, if it is).
in its simplest form, it is as follows. given is a machine with a de0, part of a simple lan. the following configuration is loaded into pf: -- set skip on de0 block log all pass in on de0 from 192.168.1.10 to any keep state -- i'm logged in from 192.168.1.12 via de0, make a fat-fingered typo of `pfctl -f all' (instead of -F all), poof, get thrown out (connection reset by peer). from 192.168.1.10, the box is accessible. logged in from 1.10, looked around, generally everything looks ok, pfctl -sa shows the rules, shows pf enabled, whatnot, but it acts as if the `set skip on de0' part was somehow forgotten. i can not verify my suspicion as i couldn't find a way to get the current (as in `loaded into the kernel') `skip these interfaces' list (shouldn't that be included in -sr anyway?), but i couldn't find any other explanations. reproducible on 3.8-stable i386 and -current (as of 2-3 days ago) alpha. what's that? thanks, -- [-] mkdir /nonexistent