PF <tables>

[hunteronline]

I use a very basic pf.conf on a web server to drop known problem IPs

pf.conf:

Code:

# Tables: similar to macros, but more flexible for many addresses.
table <rfc1918> const { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
table <garbage> persist file "/etc/pf.garbage.txt"
table <whitelist> persist file "/etc/pf.whitelist.txt"
table <ssh-violations> persist file "/etc/ssh-violations.txt"


block in all
block drop in quick  from <rfc1918> to any
block drop in quick from <garbage> to any
block drop in quick from <ssh-violations> to any
pass  in all

The <garbage> table had thousands of IPs in it before the rule "block drop in quick from <garbage> to any" was commented out while tracking down a problem. Pf.conf was tested and reloaded using:

pfctl -vvv -f /etc/pf.conf ; sleep 90 ; pfctl -vvv -f /etc/pf.conf.open

pfctl -vvv -f /etc/pf.conf

The problem had nothing to do with any IP in the <garbage> table and the rule was rule was re-enabled. Now when I use "pfctl -t garbage -T show" the table is empty.

pfctl -sa -r -vvv | less - loaded rules with line numbers

Is this normal or am I missing something ?

Thanks