I just discovered something unexpected using pfctl and tables. I'm far
from a networking guy and apparently I can't type either.

Try this on a patched 6.3 amd64.

$> uname -mrsv
OpenBSD 6.3 GENERIC.MP#10 amd64

The following are a couple CIDRs for amazon.

$> pfctl -t sample -T add 176.0.0.0/8
1 table created.
1/1 addresses added.
$> pfctl -t sample -T add 205.251.192.0/18
1/1 addresses added.
$> pfctl -t sample -T show
176.0.0.0/8
205.251.192.0/18

--

Now enter a mangled ip for ebay ...

$> pfctl -t sample -T add 66.135.216.190.216
2/2 addresses added.
$> pfctl -t sample -T show
127.0.0.1
176.0.0.0/8
205.251.192.0/18
::1

I expected this to fail with something like:

$> pfctl -t sample -T add 66.135.216.190.216
0/1 addresses added.

--

I just want to bring this to your attention. As always, big thanks to
Theo for his great leadership and to all the past and present devs for
the gift of OpenBSD !!! Have a great weekend ahead !!!
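
The following is an added example, not part of the original post or of pfctl itself: a shell wrapper that passes only strict IPv4 dotted-quad addresses or CIDRs to `pfctl -T add`, so an input like the mangled address above is rejected before it reaches the table. The function names `is_ipv4_cidr` and `pf_table_add` are hypothetical, and IPv4-only input is an assumption.

```shell
# Added example: strict pre-validation of table entries before calling pfctl.
# is_ipv4_cidr STRING: exit 0 if STRING is a.b.c.d or a.b.c.d/len, else 1.
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/} ;;
        *)   len=32 ;;
    esac
    case $len in                      # prefix length: digits only
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    case $addr in                     # digits and dots only, no empty octets
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split on dots into positional params
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1          # exactly four octets
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pf_table_add TABLE ADDR...: validate every argument, then call pfctl once.
pf_table_add() {
    table=$1; shift
    for a in "$@"; do
        if ! is_ipv4_cidr "$a"; then
            echo "refusing to add '$a': not a strict IPv4 address or CIDR" >&2
            return 1
        fi
    done
    pfctl -t "$table" -T add "$@"
}

# Inputs taken from the post; the last one is the mangled address.
for candidate in 176.0.0.0/8 205.251.192.0/18 66.135.216.190.216; do
    if is_ipv4_cidr "$candidate"; then
        echo "ok      $candidate"
    else
        echo "reject  $candidate"
    fi
done
```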
