From owner-freebsd-pf@FreeBSD.ORG Sat Dec 27 10:32:34 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B58CC268 for ; Sat, 27 Dec 2014 10:32:34 +0000 (UTC) Received: from dmx.stonepile.fi (susi.stonepile.fi [84.22.97.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7736766A80 for ; Sat, 27 Dec 2014 10:32:33 +0000 (UTC) Received: from mac.stonepile.fi (mac.stonepile.fi [192.168.60.209]) by dmx.stonepile.fi (Postfix) with ESMTPSA id 6F1B79CEC1; Sat, 27 Dec 2014 12:22:53 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=stonepile.fi; s=k1; t=1419675773; bh=NR6jGAmihu1wjNCR+JFsoio9LipMdTVKYrHGd0P0nRA=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=mcr99QSbY30Xxn7pxSiSHJRGIJqcDA1TKBLms6qmnGM0lk7noQc1WnBirTS9B2g4D mjDfEACsYXn5TMwR2pLsQLjEJPKOUCg2cbATRc6P4YVvCsEPIxTeENotsZbxJ+1wzJ 13F5oOjZt/qMQJKq5dpqFFXTavu6aDUlQOSIwI64= Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Subject: Re: pf anchor issues From: Ari Suutari In-Reply-To: Date: Sat, 27 Dec 2014 12:22:51 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <0AE89464-852A-412A-97F8-CE40AF447E18@stonepile.fi> References: To: krichy@tvnetwork.hu X-Mailer: Apple Mail (2.1993) Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2014 10:32:34 -0000 Hi, > On 25 Dec 2014, at 22:30 , krichy@tvnetwork.hu wrote: > I am going to set up a ruleset, in which for optimisation purposes I = am going to use anchors with filters. Playing with it ended at, = unfortunately table handling in anchors simply does not work. I am still = trying to dig deep into the source, but I am not sure that I will find = the solution. So, the basic example is here: >=20 > --- > table { 10.1.1.1 } >=20 > anchor on xn0 { > pass quick from to any > } >=20 You must add =E2=80=9Cpersist=E2=80=9D keyword to table, like this: table persist { 10.1.1.1 } I=E2=80=99m using tables inside anchors in two firewalls like this and = it works ok. Ari S.