Holy crap, pf rocks

Sat down tonight to create a firewall for a new OpenBSD web server I'm setting up, and holy crap is pf ever good. I got to test the firewall syntax before loading it, and as a result I had a working firewall the first fucking time I loaded it. That's never happened before; I full expected that this time, as every other time with a new firewall (let alone a new firewall language!), I'd have to reboot or log in with a keyboard or serial cable, or something.

But no: not only did I not lock myself out, not only was this the first time (well, nearly) that I'd read the FAQ, the firewall does everything I wanted it to: no extra packets in, no extra packets out. Wow.

Alioth was right: pf just rocks.