Hi,

On Mon, 15.03.2010 at 12:22:35 +0100, matteo filippetto <matteo.filippe...@gmail.com> wrote:
> for me it works good ... just don't use -R option
>
> http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502

thanks for this link. Not using "-R" is not too good, either, as on this particular box, reloading everything results in a severance of all existing connections. A clarification in the docs is imho the way to go. My 'nroff' is almost nonexistent, but here's a diff:

--- pfctl.8.orig Wed Jun 11 09:23:36 2008 +++ pfctl.8 Mon Mar 15 12:53:04 2010 @@ -354,7 +354,9 @@ Only print errors and warnings. .It Fl R Load only the filter rules present in the rule file. -Other rules and options are ignored. +Other rules and options are ignored. If you are using +tables, you need to also specify one of "-T load" or +"-o none". .It Fl r Perform reverse DNS lookups on states when displaying them. .It Fl s Ar modifier

Kind regards,
--Toni++
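
Review bot: In the lines added under .It Fl R, the new sentence starts on the same line as "Other rules and options are ignored." and writes the options as quoted literals ("-T load", "-o none"), while every neighbouring entry in the hunk uses the .Fl macro. Start the sentence on its own line and mark the options up with .Fl so they render like the rest of the page. The added text also does not say what goes wrong when tables are in use and neither option is given; one clause stating the consequence would let a reader of this entry alone understand why the extra option is required, and phrasing it without "you" would match the impersonal style of the surrounding lines.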