Re: nonexistent tables in pf.conf

2012-05-30 Thread Theo de Raadt
> On May 30 12:14:22, Theo de Raadt wrote:
> > > There is a difference between an empty table and a nonexistent table,
> > > and there is a difference between a table not existing at load time
> > > and table being deleted.
> >
> > Since you have such firm opinions, perhaps you should write your
>

Re: nonexistent tables in pf.conf

2012-05-30 Thread Jan Stary
On May 30 14:29:01, Tony Abernethy wrote:
> Jan Stary wrote:
> >There is a difference between an empty table and a nonexistent table,
> >and there is a difference between a table not existing at load time
> >and table being deleted.
>
> Exactly what difference in behavior is expected? If a table

Re: nonexistent tables in pf.conf

2012-05-30 Thread Jan Stary
On May 30 12:14:22, Theo de Raadt wrote:
> > There is a difference between an empty table and a nonexistent table,
> > and there is a difference between a table not existing at load time
> > and table being deleted.
>
> Since you have such firm opinions, perhaps you should write your
> own packet

Re: nonexistent tables in pf.conf

2012-05-30 Thread Tony Abernethy
Jan Stary wrote:
>There is a difference between an empty table and a nonexistent table,
>and there is a difference between a table not existing at load time
>and table being deleted.

Exactly what difference in behavior is expected? This seems too much like NULL pointer exceptions in Java, where th

Re: nonexistent tables in pf.conf

2012-05-30 Thread Theo de Raadt
> There is a difference between an empty table and a nonexistent table,
> and there is a difference between a table not existing at load time
> and table being deleted.

Since you have such firm opinions, perhaps you should write your own packet filter.

Re: nonexistent tables in pf.conf

2012-05-30 Thread Jan Stary
> On 2012-05-30 07:05, Jan Stary wrote:
> >It seems that pf will accept rules in pf.conf that refer
> >to a nonexistent. I came to know about this in
> >a sadly laughable way, trying to figure out why pf redirects
> >even the connections coming "from" to spamd.
> >Apparently, this gets treated a

Re: nonexistent tables in pf.conf

2012-05-30 Thread Michel Blais
And what should happen when you delete a table? Should PF stop because there is a rule that uses that table? No, it should just not match anymore. The ruleset must load even if there are nonexistent tables, for several reasons, such as tables being deleted if empty, etc.

Le 2012-05-30 07:05, Jan Stary a écri

nonexistent tables in pf.conf

2012-05-30 Thread Jan Stary
It seems that pf will accept rules in pf.conf that refer to a nonexistent . I came to know about this in a sadly laughable way, trying to figure out why pf redirects even the connections coming "from " to spamd. Apparently, this gets treated as an empty table. This is on OpenBSD 5.1-beta (GENERIC