Subject: Re: resetting the IP packet filter rules without rebooting...
To: Herb Peyerl <hpeyerl@beer.org>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-users
Date: 11/25/2002 12:53:29
> > This subject pretty much says it all, how does one go about applying
> > the IP packet filter rules (ipf.conf and ipnat.conf) without rebooting
> > the NetBSD machine?
>
>I'm sure there's a better way to do it but what I do, if I'm not
>completely confident that a change I made will be correct, is:
>
>ipf -D ; ipf -E -f /etc/ipf.conf ; ipnat -f /etc/ipnat.conf ; sleep 30 ; ipf -D
>
>I hit return and after a couple seconds, I hit ^C. If the ^C makes it,
>then it doesn't "ipf -D". If not, then I know I only have to wait about
>30 seconds before I'll have access to the machine again.
i assert that it's more useful to type something (anything, doesn't
matter what, since sleep doesn't care) and *if* you see output (ie,
full-duplex echo-back is working), *then* you hit control-c. if you
don't get echo-back, then your new filters are interfering with it
somewhere, and you can't tell if the control-c will make it (inbound
may be blocked while outbound is not) or if your return traffic is
getting dropped (outbound is blocked, but inbound is fine).
that said, i usually do pretty much the same thing.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
werdna@squooshy.com * "information is power -- share the wealth."
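An added script, not part of the thread, that turns the quoted one-liner into a confirmation-with-timeout step: the "type something and see if it comes back" check Andrew describes becomes a `read -t`, and if no reply arrives the rule set is reverted automatically instead of relying on a remembered `sleep 30`. It assumes bash (for `read -t`); the revert command (restoring a saved known-good rule file rather than the post's bare `ipf -D`, which leaves the host unfiltered) is an assumption the administrator should adjust, and ipnat is not reverted by it.

```bash
#!/usr/bin/env bash
# Added example (not the mailing-list author's script): load new IPFilter
# rules, then require a typed confirmation within a deadline or roll back.
set -u

# The apply sequence is the one quoted in the thread. Both command strings
# are variables so the confirmation logic can be exercised without ipf.
APPLY_CMD=${APPLY_CMD:-"ipf -D; ipf -E -f /etc/ipf.conf; ipnat -f /etc/ipnat.conf"}
# Assumption: a previously saved rule file exists at this path. Restoring it
# keeps the host filtered; 'ipf -D' (the post's fallback) would not.
REVERT_CMD=${REVERT_CMD:-"ipf -Fa -f /etc/ipf.conf.last-good"}

# apply_with_fallback TIMEOUT_SECONDS
# Returns 0 when the operator confirmed in time, 1 when rules were reverted.
apply_with_fallback() {
    local timeout=$1 answer=""
    # 'ipf -D' runs before the load, so a rule file with a syntax error
    # would leave the filter disabled: treat a failed apply as a revert case.
    if ! sh -c "$APPLY_CMD"; then
        echo "apply failed, reverting" >&2
        sh -c "$REVERT_CMD"
        return 1
    fi
    # Reading this prompt proves outbound works; the reply arriving proves
    # inbound works. That is the full-duplex echo-back test from the thread.
    printf 'Rules loaded. Type anything and press Enter within %ss to keep them: ' "$timeout"
    if read -r -t "$timeout" answer && [ -n "$answer" ]; then
        echo "confirmed, keeping new rules"
        return 0
    fi
    echo
    echo "no confirmation within ${timeout}s, reverting" >&2
    sh -c "$REVERT_CMD"
    return 1
}
```

Run it from the console or an ssh session as `apply_with_fallback 30`; if the session is cut off by the new rules, nothing is typed, the read times out and the revert runs without further input.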