Date: Wed, 28 Feb 2018 08:54:04 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 127814] [pf] The flush in pf_reload in /etc/rc.d/pf does not work as intended Message-ID: <bug-127814-17777-VfZjBMKYQr@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-127814-17777@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127814 --- Comment #3 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Wed Feb 28 08:53:07 UTC 2018 New revision: 330105 URL: https://svnweb.freebsd.org/changeset/base/330105 Log: pf: Do not flush on reload pfctl only takes the last '-F' argument into account, so this never did what was intended. Moreover, there is no reason to flush rules before reloading, because pf keeps track of the rule which created a given state. That means that existing connections will keep being processed according to the rule which originally created them. Simply reloading the (new) rules suffices. The new rules will apply to new connections. PR: 127814 Submitted by: Andreas Longwitz <longwitz at incore.de> MFC after: 3 weeks Changes: head/etc/rc.d/pf -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-127814-17777-VfZjBMKYQr>