Hello,

</snip>
> >
> > So how people feel about changing '-Fa' to kill all rules and tables, not just
> > those, which are attached to main ruleset (root)?
> >
> > thanks and
> > regards
> > sashan
> >
>
> IMHO this is a needed feature, but I agree with your hesitation about
> using -Fa. This would be convenient to type, but the current documentation
> for pfctl -a says:
>
> "In addition to the main ruleset, pfctl can load and manipulate
> additional rulesets by name, called anchors. The main ruleset is the
> default anchor."
>
> The wording is slightly awkward but I read this as saying the current
> behaviour is intended.
>
> There's an obvious alternative user interface for this. Currently
> -a '*' is only described in conjunction with -s, but it would feel
> natural to allow this to be used with -F as well, e.g.
>
> # pfctl -a '*' -Fa
>

I like this idea to interpret "-a '*'" option in conjunction with '-F...'
in the same way we do it for "-s" already. I also like tedu's idea to
introduce a '-Freset'.

I'll try to cook up some diffs. One diff will deal with "-a '*' -F..."
the other will bring '-Freset'.

thanks and
regards
sashan