From b99f05c396f655b79dd988cc9ef231ad185ad85b Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Sun, 16 Aug 2020 22:17:20 -0400
Subject: gateway: write more about verifying and applying the new config

---
 content/posts/openbsd-vpn-gateway/index.org | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'content/posts')

diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index e2bcf9b..f77b6f8 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -356,4 +356,18 @@
       updated. This way pf is always using the IP address currently
       assigned to the interface, even if it changes.
 
-  - =pass out on $vpn_if= Pass packets out on the OpenVPN interface.
+  - =pass out on $vpn_if= Pass packets out on the VPN tunnel interface
+    interface.
+
+  After writing new PF rules, we can check our file for syntax errors
+  before loading it using the =pfctl= command.
+
+  #+BEGIN_SRC shell
+  doas pfctl -nf /etc/pf.conf
+  #+END_SRC
+
+  Assuming there are no errors, we can then load the rule set.
+
+  #+BEGIN_SRC shell
+  dosa pfctl -f /etc/pf.conf
+  #+END_SRC
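Review bot: The second added source block runs `dosa pfctl -f /etc/pf.conf`, a misspelling of `doas`, so a reader who copies it gets a command-not-found error and the new rule set is never loaded; it should read `doas pfctl -f /etc/pf.conf`. The rewritten bullet also ends with "VPN tunnel interface" and then repeats "interface" on its continuation line. Since this section is about verifying the config, consider adding a sentence that `pfctl -n` only parses the file without loading it. A follow-up `doas pfctl -sr` after loading would let the reader confirm that the active rules are the ones they just wrote, which matters on a gateway whose filtering depends on them.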
-- 
cgit v1.2.3