>> I don't know how atomic that is: is the table either empty
>> or does it contain all the addresses in the file? I would
>> guess the addresses are added as they are read, just like
>> when you add them manually.
>>
>
>That is a wrong guess. pf tries to do things atomically when it makes
>sense is the general rule.

Yep, great effort was put into making the /dev/pf ioctl interface support a number of atomic requests/changes.