ok, i've done some more investigating.  i thought some tables were gone,
but they weren't.  in fact, i thought my old anchors were gone, but they
weren't.  i'm used to stale rules, tables, macros, being deleted when i
reload the ruleset.

this is a weird problem now.  there are anchors (visible via 'pfctl -vs
Anchors') that i'd stopped using days ago, and i cannot remove them.
if i pfctl -a oldanchor -F all, it's still there! (although the stale tables
seem to be gone, so my namespace collision warnings are gone as well)

how can i rid myself of them?  pfctl -d && pfctl -e did not destroy the
old anchors.  they are no longer referenced in my ruleset in any way.
there seems to be no documented way to remove an anchor (anyway,
shouldn't old anchors be toast on reloading the ruleset?  i'm using
load anchor from file to get them in there..)

-steve

steve h wrote:

- i create a table <foo> in the main ruleset and stick
10.0.0.0/24 in it.  i pass in from <foo> in an anchored ruleset.
the rule does not match.  shouldn't tables in a 'parent' anchor
ruleset be global?


Yes. That's likely a bug. Please make a testcase.

  there are some tables i use everywhere.
if i create the table in a bunch of anchor rulesets, it whines
about namespace (so i have to rename it each time...?)


It should whine only if the table is both in a parent and child
ruleset (like /table and /ruleset/table)
It should not whine if it is in two unrelated subrulesets
(like /ruleset1/table and /ruleset2/table)

If that's not the behaviour you see, then there is a bug.

Cedric
