On 2006/09/09 16:40, steve szmidt wrote: > I also added proper data to all table files to ensure it does not mess things > up. Though the persist command should allow for empty files.
Do your tables actually load? Check pfctl -t tablename -Ts. If not, does pfctl -vvt tablename -Tr -f /path/to/file offer clues? > pass out log on $WAN proto tcp from <managers> to <http-managers> port $Web Remember the DNS lookup happens only when the rules are loaded. Is it acceptable to lose access to these sites when they change address? Also by listing names right in PF config or tables you're relying on working DNS to load the rules correctly. Consider whether using an http proxy might be a better choice...
