PF tables -- anchors and scope

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

PF tables -- anchors and scope

Jacob Leifman
Can anyone confirm whether it is possible to modify a global table
within an anchor? If so, what is the proper syntax for referencing it?

I have a dynamic table of addresses to block declared and updated in
the main body of pf.conf. I would like to update the same table using
'overload' operator within an anchor, however, I get "namespace
collision" warning message and a distinctly separate table created when
I try that. Interestingly, I can use global tables as the source or
destination address in any rule inside an anchor, i.e. it does work in
read-only mode (unless an anchor-local table is created per above).

This firewall is currently running 5.6 with upgrade to 5.8 being
planned for the near future.

Thank you,
-Jacob.