Solved Persisted table file size for pf blocked tables

Since I want to persist one of the tables of blocked ip addresses in my pf, I have a line in my pf.conf that looks like this:
Code:
table <bad_ips> persist file "/etc/bad_ips"

I check that it works by doing
pfctl -t bad_ips -T show
and it gives a small list of added ip addresses

But when I do
ls -lh /etc/bad_ips
it shows
-rw-r--r-- 1 root wheel 0B Sep 23 02:27 /etc/bad_ips

How can the size of the file be zero bytes when there is some content in it? Is the internal implementation of pf table file persistence different?
 
I think you're misunderstanding the concept here: pf isn't going to automatically update that file for you, it will only read its contents and when applicable add those to the table. No more, no less.
 
“Persist” == don’t delete the table when empty.

Use a cron job like pfctl -q -t tablename -T show > /var/db/bad_ips to periodically save the state. (Path should obviously match what you use, but I’d suggest saving it in var rather than etc.)
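A slightly safer version of that cron job, added here as an example rather than anything posted in the thread: a plain `pfctl ... > file` redirection truncates the file before pfctl runs, so if pfctl fails (pf disabled, table not present) the persist file is left empty. This script writes to a temporary file first and only replaces the real one after a successful dump. The script name, install path and the optional DUMP_CMD override (used only so the function can be exercised on a host without pf) are assumptions.

```shell
#!/bin/sh
# save_pf_table.sh: dump a pf table to the file named in its "persist file"
# clause, replacing the file atomically and only after a successful dump.
# A plain "pfctl -t bad_ips -T show > /etc/bad_ips" truncates the file
# before pfctl runs, so a failing pfctl (pf disabled, table gone) leaves
# an empty persist file behind; this version keeps the previous copy.
#
# Usage: save_table TABLE FILE [DUMP_CMD ...]
# DUMP_CMD overrides "pfctl -q -t TABLE -T show" so the function can be
# exercised on a host without pf (test hook, not a pfctl feature).
save_table() {
    table=$1
    file=$2
    shift 2
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if [ $# -gt 0 ]; then
        "$@" > "$tmp"
    else
        pfctl -q -t "$table" -T show > "$tmp"
    fi || { rc=$?; rm -f "$tmp"; return "$rc"; }
    # "-T show" indents entries with three characters ("   " or "  !" for
    # negated ones); pfctl's file parser skips that whitespace, but a clean
    # one-entry-per-line file is easier to read and to diff.
    sed 's/^[[:space:]]*//' "$tmp" > "$tmp.clean" || { rm -f "$tmp" "$tmp.clean"; return 1; }
    rm -f "$tmp"
    # match the -rw-r--r-- mode the persist file had in the question
    chmod 0644 "$tmp.clean"
    mv -f "$tmp.clean" "$file"
}

# /etc/crontab entry to run it every ten minutes (script path is assumed):
#   */10 * * * * root /usr/local/sbin/save_pf_table.sh bad_ips /etc/bad_ips
# pf re-reads the file the next time the ruleset is loaded (pfctl -f /etc/pf.conf).
if [ "${1:-}" != "" ]; then
    save_table "$@"
fi
```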
 
> I think you're misunderstanding the concept here: pf isn't going to automatically update that file for you, it will only read its contents and when applicable add those to the table. No more, no less.

Yes, you are right; I had (mis)understood it to use that file location for the table contents. Thank you for the clarification.
 
> “Persist” == don’t delete the table when empty.
>
> Use a cron job like pfctl -q -t tablename -T show > /var/db/bad_ips to periodically save the state. (Path should obviously match what you use, but I’d suggest saving it in var rather than etc.)

Thanks for explaining it properly. So I have to update the file myself and then pf will read its contents into the named table...
 