> Unless I'm mistaken, /dev/pf must be owned root:wheel, so a special > group and /dev/pf with group r/w perms is out of the question (please > correct me if I'm wrong). I don't see anything wrong with running it as root.pf, and allowing group pf read/write privs. In fact, I do that on several on my boxes. -kj