Date: Wed, 21 Mar 2018 09:58:32 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 127814] [pf] The flush in pf_reload in /etc/rc.d/pf does not work as intended Message-ID: <bug-127814-17777-fmlWhiRKoa@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-127814-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-127814-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127814 --- Comment #5 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Wed Mar 21 09:57:30 UTC 2018 New revision: 331289 URL: https://svnweb.freebsd.org/changeset/base/331289 Log: MFC 330105: pf: Do not flush on reload pfctl only takes the last '-F' argument into account, so this never did what was intended. Moreover, there is no reason to flush rules before reloading, because pf keeps track of the rule which created a given state. That means that existing connections will keep being processed according to the rule which originally created them. Simply reloading the (new) rules suffices. The new rules will apply to new connections. PR: 127814 Submitted by: Andreas Longwitz <longwitz at incore.de> Changes: _U stable/10/ stable/10/etc/rc.d/pf -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-127814-17777-fmlWhiRKoa>