I use the following script to reload pf rules. It allows me to check that what I wrote was interpreted as I intended:
#!/bin/sh
# Re-run under sudo when not already root.
test "$(id -u)" -eq 0 || exec sudo -- "$0" "$@"

# Save the currently loaded ruleset for comparison.
old=$(mktemp /tmp/pf-reload.XXXXXXXX) || exit
trap 'rm -f "$old"' EXIT
pfctl -sr > "$old" || exit

# Load the new rules; on success, show how the loaded ruleset changed.
pfctl -f /etc/pf.conf; rc=$?
test $rc -eq 0 && pfctl -sr | diff -U2 -L "old ruleset" -L /etc/pf.conf "$old" -
exit $rc

On Sat, Jan 16, 2016 at 12:31 AM, Adam McDougall <mcdou...@egr.msu.edu> wrote:
> I've been using pf for years and really like it. I accidentally discovered
> some undesirable behavior from the rule parser that caused some rules to be
> skipped. This has happened to me twice and there was much hair pulling.