Subject: Re: pf + current-GENERIC
To: matthew sporleder <msporleder@gmail.com>
From: Peter Postma <peter@pointless.nl>
List: current-users
Date: 02/14/2006 19:56:35
On Tue, Feb 14, 2006 at 08:31:28AM -0500, matthew sporleder wrote:
> I was just following the docs on netbsd.org.  :)
> http://www.netbsd.org/Documentation/network/pf.html
> 
> The BEFORENET thing seems to have done the trick.  (I'm using one-big
> /, so all of those other problems don't affect me.)
> 

The documentation was incorrect and I've corrected it now.

> Should I keep pf_boot=YES in rc.conf as well?
> 

It's not necessary, because it's not used at all.

> I think pf_boot is a bit redundant, personally.  Couldn't those rules
> just be added to the default pf.conf?

It's not redundant, pf_boot exists to load initial rules which are used
while the network is being configured. See pf.boot.conf(5) for details.
The real configuration is loaded after the network is configured. This
is needed because some pf rules derive addresses from interfaces, i.e.
"pass in quick from fxp0" will not work when fxp0 doesn't have an IP address.

-- 
Peter Postma
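As an added illustration of the two-stage loading Peter describes (this is example configuration written for this archive page, not NetBSD's shipped /etc/defaults/pf.boot.conf nor anything from the thread): the boot-time ruleset contains only rules that need no interface address, and the real ruleset, loaded once the network is up, is where interface-derived addresses belong. It assumes fxp0 as the external interface, sshd on port 22, and that the firewall is enabled with rc.conf's `pf=YES` (the variable the rc.d scripts actually consult, as opposed to the unused `pf_boot=YES`).

```pf
# --- /etc/pf.boot.conf : loaded by rc.d/pf_boot BEFORE the network is configured
# Nothing in this file may depend on an interface address, because fxp0
# does not have one yet. Only literal, address-free rules are safe here.
set skip on lo0            # never filter loopback
block return in all        # default deny while interfaces are being set up
block return out all
#
# The following would NOT load at this stage, because pfctl expands a bare
# interface name to the addresses it currently has (none, this early):
#   pass in quick from fxp0

# --- /etc/pf.conf : loaded by rc.d/pf AFTER the network is configured
ext_if = "fxp0"            # assumed interface name

# Interface-derived addresses are fine here, since fxp0 is configured by
# the time rc.d/pf runs. Note the two forms:
#   $ext_if    - expanded to the interface's addresses when the ruleset is loaded
#   ($ext_if)  - looked up when each packet is evaluated, so the rule keeps
#                working if the address later changes (e.g. a DHCP renewal)
block return all
pass out quick on $ext_if from ($ext_if) keep state
pass in  quick on $ext_if proto tcp to ($ext_if) port 22 keep state
```

To check the second file without loading it, `pfctl -n -f /etc/pf.conf` parses and expands the rules; run it once the interface has its address, which is exactly the ordering the rc.d/pf_boot and rc.d/pf split enforces at boot.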