By: Nilesh

Nilesh — Mon, 17 Jan 2011 10:16:00 +0000

Saviour!

By: eigenheit

eigenheit — Tue, 23 Jun 2009 01:22:30 +0000

Thinking about it the command -nf is very useful in testing new rules, you are always kept behind your trustful gateway.

By: gregf

gregf — Wed, 13 May 2009 22:53:50 +0000

This is great, although you might already have a working rule set. In which case you wouldn’t want to take down the whole firewall over a mistake. My working method has been about the same as above, but I keep new rules in there own file pf.testing. Then you can do the 120 second delay to load the original set if things went wrong. This way there is no open hole(s) in your firewall while your testing. Obviously it’s highly unlikely you’ll have an attack the moment you bring the firewall down. I just think it’s better practice if there is a choice.

Comments on: Reset PF Firewall Automatically While Testing Configuration With Remote Server Over SSH Session

By: Nilesh

By: eigenheit

By: gregf