>     the idea is the dhcp/bootp traffic for client should be covered by 'pass
>    all' rule.  the semi-working diff is attached for reference.

I worry quite a lot about this proposal since it presumes people have
written their pf.conf files according to a particular style.

Anyone using dhcpd and a hand-written pf.conf is have a pretty bad time
with this, and I do not believe forwarn communication will change
anything.

As a second point, I think the components of the solution are very
complicated compared to the existing bpf approach.