Hi, I have a problem with tables in pf in that I can add addresses and/or network blocks to tables and don't get them recognized until I reload the filter rules. Example:

# pfctl -T a -t extra-oekonet-dst 172.16.19.0/24
1/1 addresses added.
# pfctl -T s -t extra-oekonet-dst
   172.16.19.0/24
   ...
# /sbin/pfctl -s s |grep 172.16.19
# /usr/sbin/tcpdump -ni pflog0
tcpdump: listening on pflog0, link-type PFLOG
18:51:10.097656 192.168.1.6 > 172.16.19.129: icmp: echo request (DF)
18:51:11.097422 192.168.1.6 > 172.16.19.129: icmp: echo request (DF)
18:51:12.097379 192.168.1.6 > 172.16.19.129: icmp: echo request (DF)
^C
45 packets received by filter
0 packets dropped by kernel
# /sbin/pfctl -f pf.conf
pfctl: warning: namespace collisions with 44 global tables.
#

After the last command, traffic starts to move between 192.168.1.6 and 172.16.19.129. I thought that pf should pick up changes in the tables at once and not require reloading the rule set.

The machine where I took this example from runs 4.7-stable/i386, but I saw this problem on 4.6 hosts, too.

Any ideas about what might cause this problem?

Kind regards,
--Toni++

