On 2008-10-24, Vadim Zhukov <[EMAIL PROTECTED]> wrote:
>> -T load Load only the table definitions from pf.conf(5).
>> This is used in conjunction with the -f flag, as
>> in:
>>
>> # pfctl -Tl -f pf.conf
>
> Console session (same result on another PC with older customized kernel):
>
> /etc$ dmesg | head -2
> OpenBSD 4.4-current (GENERIC.MP) #890: Tue Sep 30 19:36:22 MDT 2008
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> /etc$ sudo fgrep '<xx>' pf.conf
> table <xx> { 1.2.3.4, 2.3.4.5 }
> /etc$ sudo pfctl -T load -f pf.conf && echo OK
> OK
> /etc$ sudo pfctl -t xx -T show
> pfctl: Table does not exist.
> /etc$
>
> "const" modifier doesn't help either. Loading rules file without "-Tl"
> doesn't help too - although it works at system startup. "-vv" doesn't
> give any clues. I have no 4.3 or older machine now, so I cannot check if
> this is something "fresh". :(
>
> Ignoring the fact that I'll update this PC to fresh snapshot in a week,
> can anyone at least verify that he does (not) see the same behavior
> there? Or do I miss something obvious?
>
I see that behaviour if the table is not referenced in a rule (whether
or not it's marked const, whether or not the optimizer is enabled). And
it does correctly get marked const ("c" flag in -sT -v).

$ echo 'table <zz> const {1.2.3.4}' | sudo pfctl -f -
$ sudo pfctl -sT
$ echo 'table <zz> const {1.2.3.4}' | sudo pfctl -f - -o none
$ sudo pfctl -sT
$ echo 'table <zz> const {1.2.3.4}\npass to <zz>' | sudo pfctl -f -
$ sudo pfctl -sT -v
c-a-r-- zz
$ sudo pfctl -F T
1 tables deleted.
$ echo 'table <zz> const {1.2.3.4}\npass to <zz>' | sudo pfctl -Tl -f -
$ sudo pfctl -sT -v
c-a-r-- zz
$ sysctl kern.version
kern.version=OpenBSD 4.4-current (GENERIC) #1115: Tue Oct 21 15:52:47 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
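
An added example, not part of the original thread: a small sh/awk check that lists tables a ruleset defines but never references in a rule, which is the case the reply above reports as ending in "Table does not exist". Assumptions: the function name `pf_unreferenced_tables` is hypothetical, each table definition fits on one line, anchors and included files are not followed, and tables flagged `persist` are skipped because pf.conf(5) documents that flag as keeping a table even when no rule refers to it.

```sh
#!/bin/sh
# Added example, not from the thread. Hypothetical helper name.
# Assumption: each table definition fits on one line of the ruleset.
pf_unreferenced_tables() {
    awk '
    { sub(/#.*/, "") }                         # strip comments first
    /^[ \t]*table[ \t]+<[^<> \t]+>/ {          # a table definition
        match($0, /<[^<> \t]+>/)
        name = substr($0, RSTART + 1, RLENGTH - 2)
        head = $0
        sub(/[{].*/, "", head)                 # flags precede the address list
        if (!(name in defined)) order[++n] = name
        defined[name] = 1
        if (head ~ /[ \t]persist([ \t]|$)/) persist[name] = 1
        next
    }
    {                                          # any other line: collect <name> uses
        line = $0
        while (match(line, /<[^<> \t]+>/)) {
            referenced[substr(line, RSTART + 1, RLENGTH - 2)] = 1
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(order[i] in persist) && !(order[i] in referenced))
                print order[i]
    }' "${1:--}"
}

# Constructed sample ruleset (table names taken from the thread, plus two
# made-up ones); reads from stdin when no file argument is given.
pf_unreferenced_tables <<'EOF'
table <xx> { 1.2.3.4, 2.3.4.5 }
table <zz> const {1.2.3.4}
table <keep> persist { 10.0.0.1 }
table <used> const { 192.0.2.1 }   # referenced by the rule below
pass to <used>
EOF
```

Run against a real file as `pf_unreferenced_tables /etc/pf.conf`; any name it prints is a table to either reference in a rule or mark `persist` before relying on `pfctl -t NAME -T show`.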