Date:      Wed, 28 Feb 2018 22:09:31 +0545
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        rgrimes@FreeBSD.org
Cc:        src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org
Subject:   Re: svn commit: r330105 - head/etc/rc.d
Message-ID:  <4EC3BE57-F14C-4CBD-ADC1-10293B96142C@FreeBSD.org>
In-Reply-To: <201802281619.w1SGJGPD020976@pdx.rh.CN85.dnsmgr.net>
References:  <201802281619.w1SGJGPD020976@pdx.rh.CN85.dnsmgr.net>

On 28 Feb 2018, at 22:04, Rodney W. Grimes wrote:
> So might it be better to correct what it was attempting to do,
> and wrap that in a conditional?   I may or may not want this
> to exist after a reload, and that should be my option, alternative
> is for me to either edit this file, or write my own. Or having
> to execute a bunch of -F commands by hand.
>
> It was clearly the intent of the original author to have these
> flushed, fixing the mistake by removing the flushes is one way
> to fix it.  I am asking for consideration on that there is another
> desired solution, and that both can exist with a simple knob.
>
Yes, but what was originally attempted was to keep the existing connections.
This is currently the case. There’s no point to flushing anything before
loading the new rules.

If you want to be able to choose whether or not to keep the existing
connections we could add a conditional `pfctl -F states`, but you can already
accomplish this by calling `/etc/rc.d/pf restart` rather than `/etc/rc.d/pf
reload`. I'm not sure it's worth adding a new knob.

Regards,
Kristof


