On Wed, Sep 12, 2018 at 02:05:25PM +0200, Alexander Bluhm wrote:
> On Tue, Sep 11, 2018 at 12:17:05PM +0200, Klemens Nanni wrote:
> > Now `t' under the anonymous anchors (internally named "_1") must not be
> > modified through pfctl:
> >
> > # pfctl -a _1 -t t -T flush
> > 0 addresses dele
On 2018/09/12 17:38, Jason McIntyre wrote:
> On Wed, Sep 12, 2018 at 02:05:25PM +0200, Alexander Bluhm wrote:
> >
> > > + warnx("anchors apply to -f, -F, -t and -s only");
> >
> > If I understand English comma rules correctly, there is also a comma
> > before the " and". At least
On Wed, Sep 12, 2018 at 02:05:25PM +0200, Alexander Bluhm wrote:
>
> > + warnx("anchors apply to -f, -F, -t and -s only");
>
> If I understand English comma rules correctly, there is also a comma
> before the " and". At least this is what we do in the man page.
>
> bluhm
>
h
On Tue, Sep 11, 2018 at 12:17:05PM +0200, Klemens Nanni wrote:
> Now `t' under the anonymous anchors (internally named "_1") must not be
> modified through pfctl:
>
> # pfctl -a _1 -t t -T flush
> 0 addresses deleted.
Why do you think that this semantic is wrong? Why should tables
wi
On Tue, Sep 11, 2018 at 12:17:05PM +0200, Klemens Nanni wrote:
> Anchor names beginning with '_' are reserved for internal use, but this
> particular case still works:
My example is not exclusive; this effects all tables within special
anchors including those automatically created by the ruleset op
Anchor names beginning with '_' are reserved for internal use, but this
particular case still works:
Automatically create a table that's bound to a specific anchor:
# cat pf.conf
anchor {
pass keep state (max-src-conn-rate 100/10, overload )
}
# pfc
