CVSROOT: /cvs
Module name: src
Changes by: sas...@cvs.openbsd.org 2024/07/14 13:51:08
Modified files:
sbin/pfctl : parse.y pfctl.c pfctl.h pfctl_optimize.c
pfctl_parser.h pfctl_radix.c pfctl_table.c
Log message:
This change allows user to define table inside the anchor like that:
anchor foo {
table <bar> { 192.168.1.1 }
pass in from <bar> to <self>
}
Without this diff one must either create table <bar> in main
ruleset (root) or use 'pfctl -a foo -t bar -T add 192.168.1.1'
This glitch is hard to notice. Not many human admins try to attach
tables to non-global anchors. Deamons which configure pf(4) automatically
at run time such as relayd(8) and spamd(8) create tables attached to
thair anchors (for example 'relayd/*') but the deamons use way similar
to pfctl(8) to add and manage those tables.
The reason why I'd like to seal this gap is that my long term goal
is to turn global `pfr_ktable` in pf(4) into member of pf_anchor.
So each ruleset will get its own tree of tables.
feedback and OK bluhm@
