What version are you running?

On Thu, Sep 27, 2018 at 02:06:44PM +0200, Zbyszek Żółkiewski wrote:
> At securelevel(7) set to 2, NAT rules and filter cannot be altered, however
> as stated in pfctl.conf(5) manual - it is possible to modify tables by
> adding/deleting entries
> (https://man.openbsd.org/pf.conf.5#TABLES)
>
> and this works fine. Question: why is it not possible to list the content of
> tables?
>
> kern.securelevel=2
> pfctl -t whitelist -T show
> pfctl: Operation not permitted.
>
> while:
> kern.securelevel=1
> pfctl -t whitelist -T show
> 192.168.1.7
> 192.168.1.20
> 192.168.1.25
>
> and more odd, adding the -v flag allows listing it anyway:
>
> pfctl -t whitelist -v -T show
> 192.168.1.7
> Cleared: Thu Sep 27 13:47:58 2018
> 192.168.1.20
> Cleared: Thu Sep 27 13:47:58 2018
>
> I am a bit confused, is this a bug or am I missing something?

So am I. Did you add `-v' while securelevel was set to 2 or 1?
Please provide a clear way to reproduce your scenario, possibly including the table definitions from your pf.conf.
