Subject: Re: pf doesn't start normally anymore
To: Luke Mewburn <lukem@NetBSD.org>
From: Mipam <mipam@ibb.net>
List: tech-security
Date: 08/11/2005 11:11:20
On Thu, 11 Aug 2005, Luke Mewburn wrote:

> On Thu, Aug 11, 2005 at 12:13:56AM +0200, Mipam wrote:
>   | Also there is no problem running pf after the complete boot.
>   | What could be the problem here?
> 
> For the same rationale that rc.d/ipfilter aborts the boot:
> if you accidentally install a broken packet filter ruleset
> and reboot the system you may end up with a running system
> that has less strict filter rules than you expect.
> With the change made to rc.d/pf, pf now acts as the startup
> for IPfilter.

Thing is that I do not have a broken packet filter ruleset.
The same ruleset always worked normally without problems; it also
works on OpenBSD. I didn't change anything in my ruleset.
However, after I installed the new rc.d/pf it complains about my
ruleset. How is it possible that it never complained about it and after
installing the new pf script it does? This is the point I do not
comprehend. Perhaps the user "proxy" isn't known when the pf script starts
running now? 'Cause that's the line it complains about. When NetBSD has
booted completely, it doesn't complain at all. I've shown you the line
about which pf complained. I used this line for over a year and never had
complaints about it. Now all of a sudden it does.
If the rule I'm using actually is wrong, could you please give me a hint
what is wrong about it?
Bye,

Mipam.