> On 2012-05-30 07:05, Jan Stary wrote:
> >It seems that pf will accept rules in pf.conf that refer
> >to a nonexistent <table>. I came to know about this in
> >a sadly laughable way, trying to figure out why pf redirects
> >even the connections coming "from <smapd-white>" to spamd.
> >Apparently, this gets treated as an empty table.
> >
> >This is on
> >OpenBSD 5.1-beta (GENERIC) #140: Sat Jan 21 00:40:23 MST 2012
> >    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> >
> >I believe it would be an improvement if pfctl refused
> >to load a ruleset that refers to nonexistent tables.
> >
On May 30 13:25:48, Michel Blais wrote:
> And what should happen when you delete a table? PF should stop
> because there is a rule that uses that table?

I am not saying that.

> No, it should only not match anymore.

Agreed.

> Ruleset must load even if there are nonexistent tables
> for several reasons, like tables are deleted if empty, etc.

There is a difference between an empty table
and a nonexistent table, and there is a difference
between a table not existing at load time
and a table being deleted.
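
Added example, not part of the thread and not pfctl's own behaviour: a pre-load lint that lists tables a pf.conf references but never declares, and suggests the closest declared name to catch a typo like the one described above. The function names and the sample ruleset are constructed for illustration. Tables created at runtime or inside anchors will also be reported, so treat the output as advisory.

```python
import difflib
import re

TABLE_REF = re.compile(r"<([^<>\s]+)>")
TABLE_DECL = re.compile(r"^\s*table\s+<([^<>\s]+)>")

def logical_lines(text):
    """Yield (first_line_no, line) with comments stripped and '\\' continuations joined."""
    # Simplification: a '#' inside a quoted string is treated as a comment start.
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def undeclared_tables(text):
    """Return [(line_no, name, closest_declared_or_None)] for tables used but not declared."""
    # Macros ($var) are not expanded, so a table named only via a macro is not seen.
    declared, refs = set(), []
    for no, line in logical_lines(text):
        m = TABLE_DECL.match(line)
        if m:
            declared.add(m.group(1))
        else:
            refs.extend((no, name) for name in TABLE_REF.findall(line))
    findings = []
    for no, name in refs:
        if name not in declared:
            close = difflib.get_close_matches(name, sorted(declared), n=1)
            findings.append((no, name, close[0] if close else None))
    return findings

# Constructed sample ruleset (not from the thread) containing the misspelled table name.
SAMPLE = r"""table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
pass in on egress proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to any port smtp
pass in on egress proto tcp from <smapd-white> to any port smtp
"""
if __name__ == "__main__":
    for no, name, hint in undeclared_tables(SAMPLE):
        print(f"line {no}: <{name}> not declared" + (f", did you mean <{hint}>?" if hint else ""))
```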