Jason Dixon wrote:
Hmm. Might be possible to do a typo in such a way that with DNS, it might resolve to an address, and without, it is an error. Probably wouldn't work as desired, but that may have been unnoticed. Or maybe I shouldn't speculate when over-tired.

Not a bad idea, but nothing like that. I never use hostnames in my rulesets.

Nor do I, but I've typo'ed macros before that have caused similar problems, i.e. forgetting the '$'. I think the jury's out until we can see the pf.conf...
sk

