On Thu, Dec 29, 2005 at 07:28:46PM -0500, Forrest Aldrich wrote:

> [EMAIL PROTECTED] grep 61.168.43 /etc/pf.d/abuse
> /etc/pf.d/abuse:61.168.43.0/24
> 
> (okay, the entry is there and is valid)

No, it's not. If you quoted both your command and the result verbatim,
the file literally contains the line "/etc/pf.d/abuse:61.168.43.0/24";
grep doesn't print any file names when invoked like that.

But that would produce an error message when pf.conf is loaded, which
you'd surely have spotted.

>    echo $entry >> /etc/pf.d/abuse 61.168.43.0/24

This looks suspicious as well. Is $entry really empty? If so, what's the
point of the variable?

Manually run

  # grep 61.168.43 /etc/pf.d/abuse | hexdump -C

then

  # pfctl -t abuse -Tr -f /etc/pf.d/abuse && echo yes

then

  # pfctl -t abuse -Ts | grep 61.168.43 | hexdump -C

and quote the output of each command verbatim (stdout and stderr), not
something resembling the real output, but the real output itself,
without any changes.

The mistake must be somewhere in your manipulations of the table. As
long as pfctl -Tt doesn't show the address matching, you can forget
arguing about the ruleset as a whole; none of the rules using <abuse>
will match.

Daniel
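
An offline check for the kind of malformed table entry discussed above, as an added example that is not part of the original message. It assumes the table file holds only IPv4 addresses or CIDR blocks, one per line, with optional "#" comments; `check_pf_table` is a hypothetical helper name and the sample input is constructed.

```sh
#!/bin/sh
# Added example: lint a pf table file before loading it with pfctl.
# Assumption: entries are IPv4 addresses or CIDR blocks, one per line,
# with optional "#" comments. check_pf_table is a hypothetical helper.

check_pf_table() {
    # Prints "LINENO: reason: [raw line]" per bad entry; status 1 if any.
    LC_ALL=C awk '
    function report(reason, text) {
        gsub(/\r/, "<CR>", text)            # make a stray CR visible
        printf "%d: %s: [%s]\n", NR, reason, text
        errors++
    }
    {
        entry = $0
        sub(/#.*/, "", entry)               # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "", entry)  # trim blanks
        if (entry == "") next
        # Any byte outside printable ASCII (CR, NUL, UTF-8 debris, ...)
        if (entry ~ /[^ -~]/) { report("hidden bytes", $0); next }
        # Catches prefixes such as "filename:" pasted in from grep output
        if (entry !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) {
            report("not an address", $0); next
        }
        split(entry, part, "/")
        split(part[1], octet, ".")
        for (i = 1; i <= 4; i++)
            if (octet[i] + 0 > 255) { report("octet out of range", $0); next }
        if (part[2] != "" && part[2] + 0 > 32)
            report("prefix out of range", $0)
    }
    END { exit (errors > 0) }
    ' "$1"
}

# Constructed sample input, including the line quoted in the thread.
sample=$(mktemp)
printf '%s\n' '# constructed sample' '10.0.0.1' \
    '/etc/pf.d/abuse:61.168.43.0/24' > "$sample"
printf '61.168.43.0/24\r\n' >> "$sample"
check_pf_table "$sample" || echo "fix the entries above before loading the table"
rm -f "$sample"
```

A clean file produces no output and exit status 0, so the function can gate a `pfctl -t abuse -Tr -f` call in a script.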
