Since you will be using 3.3, consider anchor rules and tables instead they provide a much better interface to rule/address modifications check the sources for spamd, authpf and pfctl for implementation details.
Can On Wed, Mar 12, 2003 at 05:00:48PM +0100, Marc Balmer wrote: > Hi > > I am upgrading my cmd counter measures daemon to 3.3 current. cmd > listens on pflog0 and modifies pf rules through the pf device using > ioctl calls (yes I know, dynamic firewalls are disbutable and open > doors to all kind of DoS attacks...). [snip]