Just wondering if there's some hidden switch for dumping the rules with numeric ports.
I personally use the nmap-services file, since it has a lot more ports documented, but the mapping from numbers to names is N to 1... lots of ports are named the same thing, and pfctl prints symbolic names... and then cannot use them if I feed the data back to it, since names -> numbers is 1 to N. The -n flag seems ideal for this, since it is used by netstat and other programs, and it doesn't make much sense when combined with -s (doesn't do anything).

-- 
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
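The round-trip problem described in the post (port number -> name is many-to-one, so name -> number is one-to-many, and a rule dump with symbolic names may not load back) can be shown with a small services-file parser. The following is an added example, not code from the poster or from pf/pfctl; the services text is a constructed sample in the `name port/proto [aliases] [# comment]` layout that both `/etc/services` and `nmap-services` use (the `0.000030`-style frequency column is the nmap-services convention), and `parse_services`, `ambiguous_names` and `numeric_ports` are hypothetical helper names. Only the `port NAME` and `port { NAME ... }` forms of a pf rule are rewritten; port operators such as `port > 1024` are left alone.

```python
import re
from collections import defaultdict

# Constructed sample in the "name port/proto [aliases] [# comment]" layout shared
# by /etc/services and nmap-services. It is NOT a copy of either real file; the
# entries are chosen to show both mapping directions the post describes.
SERVICES_SAMPLE = """\
www        80/tcp   http     # World Wide Web
http       80/udp
https     443/tcp
https     443/udp
shell     514/tcp   cmd
syslog    514/udp
unknown  1004/tcp   0.000030 # nmap-services style frequency column
unknown  1005/tcp   0.000028
"""

ENTRY_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\b(.*)$")
NUMBER_RE = re.compile(r"[\d.]+")          # frequency column in nmap-services


def parse_services(text):
    """Build both lookup tables from services-style text.

    by_port: (port, proto) -> first name seen for it (the N-to-1 direction)
    by_name: name or alias -> {(port, proto), ...}  (the 1-to-N direction)
    """
    by_port = {}
    by_name = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, port, proto, rest = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        by_port.setdefault((port, proto), name)
        by_name[name].add((port, proto))
        for alias in rest.split():             # aliases, but not the frequency number
            if not NUMBER_RE.fullmatch(alias):
                by_name[alias].add((port, proto))
    return by_port, dict(by_name)


def ambiguous_names(by_name, proto=None):
    """Names that resolve to more than one port number (same number on tcp and udp is fine)."""
    out = {}
    for name, entries in by_name.items():
        ports = {p for p, pr in entries if proto is None or pr == proto}
        if len(ports) > 1:
            out[name] = sorted(ports)
    return out


PROTO_RE = re.compile(r"\bproto\s+(tcp|udp)\b")
PORT_RE = re.compile(r"\bport\s+(\{[^}]*\}|\S+)")


def numeric_ports(rule, by_name):
    """Rewrite 'port NAME' / 'port { NAME ... }' in one pf rule to numbers.

    The rule's own 'proto' keyword narrows the lookup. Raises ValueError when a
    name still maps to several ports instead of silently picking one.
    """
    pm = PROTO_RE.search(rule)
    proto = pm.group(1) if pm else None

    def resolve(tok):
        if re.fullmatch(r"[\d:]+", tok):       # already numeric, or a numeric range
            return tok
        ports = {p for p, pr in by_name.get(tok, ()) if proto is None or pr == proto}
        if len(ports) != 1:
            raise ValueError(f"{tok!r} -> {sorted(ports)} for proto {proto}; cannot pick one")
        return str(ports.pop())

    def repl(m):
        spec = m.group(1)
        if spec.startswith("{"):
            names = spec.strip("{}").split()
            return "port { " + " ".join(resolve(n) for n in names) + " }"
        return "port " + resolve(spec)

    return PORT_RE.sub(repl, rule)


if __name__ == "__main__":
    by_port, by_name = parse_services(SERVICES_SAMPLE)
    print("ambiguous names:", ambiguous_names(by_name))
    print(numeric_ports("pass in proto tcp from any to any port { www https }", by_name))
    try:
        numeric_ports("pass in proto tcp from any to any port unknown", by_name)
    except ValueError as e:
        print("refused:", e)
```

Keying `by_port` on `(port, proto)` matters: in the sample, 514/tcp is `shell` and 514/udp is `syslog`, so a numeric-to-name lookup without the protocol would already be wrong before any name-to-number trouble begins. Refusing on ambiguity rather than guessing is the conservative choice for a firewall rule set, since a wrong guess opens or closes a different port than the one the dump referred to.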