It seems that pf will accept rules in pf.conf that refer
to a nonexistent <table>. I came to know about his in
a sadly laughable way, trying to figure out why pf redirects
even the connections comming "from <smapd-white>" to spamd.
Apparently, this gets treated as an empty table.
This is on
OpenBSD 5.1-beta (GENERIC) #140: Sat Jan 21 00:40:23 MST 2012
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
I believe it would be an improvement if pfctl refused
to load a ruleset that refers to nonexistent tables.
Jan
