Subject: Re: pf doesn't start normally anymore
To: Steven M. Bellovin <>
From: Martin Husemann <>
List: tech-security
Date: 08/16/2005 16:11:25
I'm not sure what interface the script should set to down (and up after the
fillter has been loaded), but wouldn't sysctl net.inet.ip.forwarding=0 work
even better? This, of course, assumes a firewall with no local servers
running (before the filter is loaded, at least).