On Tue, 22 Feb 2005 12:08:01 -0500 in <RFJSd.91884$vO1.574283@nnrp1.uunet.ca> clvrmnky <clvrmnky-uunet@coldmail.com.invalid> wrote:
>
> Interesting. I have no idea what I would do with such a thing, myself.
> I see PF as sort of a "fire and forget" thing. Only the occasional
> tweak is ever required on my node. Obviously, pfctl fills this need
> quite well.
>
> What problem would this solve for you or others? I'm curious.

Sniffer/IDS driven pf rulesets.

What I don't understand is why a command line tool as opposed to
using the PF APIs directly, or providing such access in perl, python,
or lisp bindings.
The latter would seem to be more useful, especially if a DBD/DBI
style approach was taken to embrace other firewall solutions.
--
Chris Dukes
Suspicion breeds confidance -- Brazil