On Wed, Mar 13, 2013 at 1:59 PM, Michel Blais <[email protected]> wrote: > I think you must specify the anchor first. Something like : > > pfctl -a ix1 -t admins -T show
That doesn't work. First, it's an unnamed anchor, so I don't think you can specify it with the -a option. Second, inbound connections to port 22 are rejected in the first case, but not in the second. The table is removed as though it was unreferenced, so the pass rule in the anchor doesn't match any source IPs. - Max
