I have been working with OpenBSD since 2.6 and have deployed it in many roles. I have hacked authpf to have authpfnoip with IP functionality (there is a reason!). So I have some experience with the OS... mostly as an implementer/admin, not a dev type.

Motivation: I am configuring a 'segregating' OpenBSD-based firewall that I want to maximize the auditability/accountability on/for.

Question/Suggestion: So why does pfctl not appear to (I could not find a command line option, nor a previous request) log to syslog every command (who, when, what, exit status) that changes anything within the pf context, such as rules, table contents, states? I don't want the detailed changes that may occur within pf, just establishing accountability.

Scott Donaldson
