ASSIGNMENT 1 LAB 4




Tables provide a way of increasing the performance and flexibility of rules that match a large number of source and destination addresses. A table is declared once and referenced in rules by its name in angle brackets; "persist" keeps the table in the kernel even when no rule refers to it, and "file" loads its contents from the named file (one address per line).
    Declaration
        table <local> { 192.168.56.10/24, 192.168.9.0/32 }
        table <good_guys> persist file "/etc/good_guys"
    Rules

        pass in quick from <local> to any keep state
        pass on em0 from <good_guys> to any keep state
    Commands
        to load only the table definitions from pf.conf:- pfctl -t local -T load -f /etc/pf.conf   (pfctl accepts abbreviated -T commands, so -Tl means the same thing)
        to check the table's contents:- pfctl -t local -T show
Macros are user-defined variables used to simplify the configuration file. They must be defined before they are referenced and are expanded with $name. A macro that holds a list must be a quoted string containing the braces; it then expands into a { } list and the rule is installed once per value.
    ex:  #-----------------start of pf.conf file-------------------------
            intface = "em0"
            udp_pass = "{ 110 631 }"
            tcp_pass = "{ 80 22 25 110 123 }"
            pass in on $intface proto tcp from any to any port $tcp_pass keep state
Anchors provide the flexibility to add and/or remove an additional chunk of rules when needed, without reloading the main ruleset. Rules are evaluated in order and the last match wins (unless a rule says quick), so the anchor's rules take effect at the position of the anchor line in pf.conf.
    Steps:
    1. At the end of the pf.conf file add the following line
        anchor "anchor_name" ; eg:- anchor "ftpanchor"
    2. Now load your pf.conf file
        pfctl -f /etc/pf.conf
    3. Declare the additional rules in the /etc/ftp-anchor file
        pass out proto tcp from any to port 21 keep state
        pass out proto tcp from any to port > 1023 keep state
       (the second rule passes any outbound TCP connection to any port above 1023, not only FTP data connections, so it is broader than the FTP use case strictly needs)
    4. Now to load these additional rules into the anchor, alongside the previous set of rules, use the following command
        pfctl -a ftpanchor -f /etc/ftp-anchor
    5. To remove these additional rules (this flushes only the anchor's rules, not the main ruleset)
        pfctl -a ftpanchor -F rules
    6. To check if the rules are loaded, list the anchor's rules
        pfctl -a ftpanchor -s rules
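The three pieces of this lab (tables, macros and an anchor) fit together in one workflow: generate pf.conf with the macros first, syntax-check it with pfctl -n before loading, validate a table file before pushing it into the kernel, and manage the ftp anchor on its own. The POSIX sh script below is an added example written for this page, not part of the lab handout. It assumes the lab's paths (/etc/pf.conf, /etc/good_guys, /etc/ftp-anchor), that the intended <local> network is 192.168.56.0/24, and a PFCTL variable that can be pointed at echo to dry-run on a machine without pf.

```shell
#!/bin/sh
# Added example for this lab page (not from the handout): build pf.conf with
# macros and tables, check a table file before loading it, and manage the ftp
# anchor.  Paths, the <local> network and the PFCTL override are assumptions;
# run with PFCTL=echo to dry-run on a host that has no pf.
set -eu

PF_CONF="${PF_CONF:-/etc/pf.conf}"
TABLE_FILE="${TABLE_FILE:-/etc/good_guys}"
ANCHOR_FILE="${ANCHOR_FILE:-/etc/ftp-anchor}"
ANCHOR="${ANCHOR:-ftpanchor}"
PFCTL="${PFCTL:-pfctl}"

# Main ruleset.  Macros come first because they must be defined before use;
# list-valued macros are quoted strings that expand into a { } list.  The
# last matching rule wins unless "quick" is set, so the anchor's rules take
# effect at the line where "anchor" appears.
gen_pf_conf() {
    cat <<EOF
intface = "em0"
udp_pass = "{ 110 631 }"
tcp_pass = "{ 80 22 25 110 123 }"
table <local> { 192.168.56.0/24, 192.168.9.0/32 }
table <good_guys> persist file "$TABLE_FILE"
pass in quick from <local> to any keep state
pass on \$intface from <good_guys> to any keep state
pass in on \$intface proto tcp from any to any port \$tcp_pass keep state
anchor "$ANCHOR"
EOF
}

# Rules kept outside pf.conf and loaded into the anchor on demand.
gen_anchor_rules() {
    cat <<EOF
pass out proto tcp from any to port 21 keep state
pass out proto tcp from any to port > 1023 keep state
EOF
}

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/": a single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Reject a table file before pfctl sees it and report the offending line.
# Accepts "#" comments and blank lines; enforces one entry per line.
check_table_file() {
    file=$1; n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        entry=${line%%#*}
        set -- $entry
        [ $# -eq 0 ] && continue
        if [ $# -ne 1 ] || ! valid_cidr "$1"; then
            echo "$file:$n: bad table entry: $line" >&2
            bad=1
        fi
    done < "$file"
    return $bad
}

# Syntax-check (-n) the generated ruleset; only then replace pf.conf and load it.
install_ruleset() {
    gen_pf_conf > "$PF_CONF.new"
    $PFCTL -n -f "$PF_CONF.new"               # parse only; set -e aborts on error
    mv "$PF_CONF.new" "$PF_CONF"
    $PFCTL -f "$PF_CONF"
}
# Validate the file, then replace the kernel table's contents with it.
reload_table() { check_table_file "$TABLE_FILE" && $PFCTL -t good_guys -T replace -f "$TABLE_FILE"; }
# Anchor rules can be loaded, listed and flushed without touching the main ruleset.
load_anchor()  { $PFCTL -a "$ANCHOR" -f "$ANCHOR_FILE"; }
show_anchor()  { $PFCTL -a "$ANCHOR" -s rules; }
flush_anchor() { $PFCTL -a "$ANCHOR" -F rules; }

case "${1:-}" in
    install)      install_ruleset ;;
    reload-table) reload_table ;;
    load-anchor)  gen_anchor_rules > "$ANCHOR_FILE" && load_anchor ;;
    show-anchor)  show_anchor ;;
    flush-anchor) flush_anchor ;;
    check)        check_table_file "${2:?table file}" ;;
    '')           ;;                          # no subcommand: only define the functions
    *)            echo "usage: $0 install|reload-table|load-anchor|show-anchor|flush-anchor|check FILE" >&2; exit 2 ;;
esac
```

Typical use on the lab box is `sh pf-lab.sh install` followed by `sh pf-lab.sh load-anchor` and `sh pf-lab.sh show-anchor`; `check /etc/good_guys` tells you which line is wrong before the table is replaced, whereas a bad entry handed straight to pfctl -T replace fails the whole load.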
       
