On 4/21/06, Daniel Hartmeier <[EMAIL PROTECTED]> wrote:

> I think it's expected that -N only reads and honours NAT rules, and
> ignores anything else, including any options like 'set skip'. The man
> page is clear on that, IMO.
>
> What isn't so clear is whether it should first clear (reset) all options
> before loading the new NAT rules. Basically, any invocation that changes
> something first resets the options.

Yeah, it isn't very clear.

> You'll have to add the -O option to the invocation to re-parse and
> reload the options after the (implicit) reset. -N isn't special in that
> regard, -R behaves the same. Whether the man page is clear about the
> result of using a combination of -N, -R, and -O simultaneously, I'm not
> sure.

Looking over the man page, -N and -R are pfctl options that ignore all
other options, and -O only loads options and ignores all other
options. Which options though? The ones on the command line (which the
man page calls options) or the options in the pf.conf file (also
called options in the man page)? I'll opt to suggest option is a
little overused.

Whatever happened to parameters, switches, and arguments? :)

> You could argue the case that -N (and -R) shouldn't cause an implicit
> option reset, but only a plain -f should. But that's not up to me to
> decide, and it's not a simple implementation buglet, but at least
> somewhat intentional ;)

I'll see if anyone else has any opinions on this before I ask on misc@.

Thanks for the great answer.

--
Jon