Ouch, that’s a bummer. Has there been any attempts to try and resolve this
matter?
> 21. jun. 2017 kl. 04.40 skrev Jacob Leifman <jac...@bitwise.net>:
>
> On 20 Jun 2017 at 14:17, Alen Mistric wrote:
>
>> Howdy!
>>
>> I have a global table defined in pf.conf that I would like to use in
>> both the main rule set and inside an anchor. However, I keep getting
>> a namespace collision when I reload the configuration file. I can't
>> quite figure out from reading the man pages if you're not supposed
>> to use a global table inside an anchor or if I'm just doing it the
>> wrong way. Any ideas?
>
> Unfortunately, this is a known limitation in current PF -- you can use global
> tables
> in an anchor strictly in read-only mode. Any attempt to modify a table within
> an
> anchor results in the creation of an anchor-local table with identical name
> which
> also prevents any subsequent access to the global table.
>
>>
>> table <bruteforce> persist
>> block quick from <bruteforce>
>>
>> pass in proto tcp to port ssh modulate state \
>> (max-src-conn-rate 5/3, overload <bruteforce> flush global)
>>
>> anchor "ftp" {
>> pass in proto tcp to port ftp modulate state \
>> (max-src-conn 2, overload <bruteforce> flush global )
>> pass in proto tcp to port { 40000:50000 }
>> pass out proto tcp to port ftp
>> }
>>
>
>
