On 2008-07-28, Charlie Clark <[EMAIL PROTECTED]> wrote: > Stuart Henderson wrote: >> On 2008/07/28 11:37, Charlie Clark wrote: >> >>>> don't you have some way to handle the other situations where pfctl -sr >>>> doesn't output exactly what pfctl -f was fed as input? how do you handle >>>> macros or the ruleset optimiser? >>>> >>>> >>> There are no macro's as I'm using fwbuilder to build the >>> ruleset and isn't the ruleset optimiser is set using a set >>> option, >>> >> >> it's on by default. >> >> > In this case would 'pfctl -sr' or 'pfctl -sn' not show the new optimized > ruleset? >
Yes, and it won't match what you fed it. So your diff will fail won't it?
