* Michel Blais <mic...@targointernet.com> [2012-04-17 16:52]:
> I'm using 5.0 and I saw a strange behavior with table and in bracket anchor.
>
> From my test, in bracket anchors can't have tables inside of them and
> are using the main ruleset tables but if I create a table only used
> by rules inside of an in bracket anchor, pf will see no rule using
> the table and delete it. As a workaround, I use the persist option.
>
> Example:
>
> table <test> { 10.14.255.10 }
> anchor in on $int_if from 10.14.255.0/24 {
>     block in quick from <test>
> }
>
> pfctl -f /etc/pftest.conf
> pfctl -sT gives me nothing.
>
> If I add persist to the table test, now the table test will be
> shown via pfctl -sT and addresses inside of it will be blocked. I don't
> know if it's a desired behavior caused by a limitation or an
> unexpected case since I can't find anything about in bracket anchors
> and tables.

that is ... at least a bit fishy. the referencing rules distinguish
between tables in the anchor and "further up".

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/