Put ippool through detailed testing. Your patch to ippool did correct the ippool -R -m table_name core dump problem. But there are many other things that were not addressed.

*************

Problem #1.

"man 5 ippool" says only ip addresses can be used as table content. Now it's not worded like that but this meaning is implied. Nowhere does it say fqdn can be used. So reading "man 8 ippool" we see the "option" -R as in

    ippool -l [-dvR] [-m ] [-t ]

Which is defined as "-R Do not resolve IP addresses to hostnames." This just doesn't make sense. I cannot find any situation where any output to the terminal defaults to showing the hostnames. So why have this option at all? I would think this option can be removed from "man 8 ippool" altogether.

*****************

Problem #2.

    ippool -R [-dnvR] [-m ] [-o ] [-t ]

    -R Remove an existing pool from within the kernel.

Issuing "ippool -R -m table-name" results in the help syntax being shown. Issuing "ippool -R -m table-name -t tree" does remove the named table. A table name has to be unique across all table types. So requiring the -t flag in identifying the table wanted to remove is unneeded. The ippool source needs to be changed to remove this requirement. The "man 8 ippool" should show this as the syntax.

    ippool -R [-dnv] [-m ]

*********************

Problem #3.

    ippool -l [-dvR] [-m ] [-t ]

Issuing "ippool -l" lists the contents of all the in-core tables. Issuing "ippool -l -m table-name" lists the contents of just the named table. Issuing "ippool -l -t tree" lists the contents of all the in-core tables. It looks like the [-t ] is not being used and logically makes no sense. The "man 8 ippool" should show this as the syntax.

    ippool -l [-dv] [-m ]

Issuing the following command outputs a report containing the number of matches for each ip address in the named table.

    ippool -l -d -m test

    poollist: opts = 0x2
    Name: test Role: ipf References: 2 Hits: 0
        Nodes Starting at 0xca312d00
        Address: 1.161.177.165/32
            Hits 0 Bytes 0 Name Ref 2
        Address: 1.171.138.231/32
            Hits 0 Bytes 0 Name Ref 2
        Address: 110.200.28.224/32
            Hits 0 Bytes 0 Name Ref 2
        Address: 110.200.29.248/32
            Hits 0 Bytes 0 Name Ref 2
        Address: 162.243.114.84/32

The -d flag is defined as "-d Toggle debugging of processing the configuration file." I don't see any debug info being generated here. What I do see is a valuable report. This should not be happening under the pretense of debugging. This report should have its own flag, like -h, and the report should be changed to a single line containing the table ip address node plus number of hits.

*********************

Problem #4.

    ippool -F [-dv] [-o ] [-t ]

    -F Flush loaded pools from the kernel.

Why is [-dv] missing the n option, which means

    -n This flag (no-change) prevents ippool from actually making any ioctl calls or doing anything which would alter the currently running kernel.

Reading this I take it to mean that issuing "ippool -F -o or -t" is saying to flush ALL tables matching the -o or -t value. This doesn't make sense. The -F option in the ippool source needs to be changed, removing any logic for the -o & -t option processing, and add -m logic to select the named table only. The -n option logic also needs to be added. The "man 8 ippool" should show this as the syntax.

    ippool -F [-dvn] [-m ]

and the "-F Flush loaded pools from the kernel." changed to "-F Flush loaded pool content from the kernel, leaving only empty pool name."

***************************

Problem #5.

    ippool -A [-dnvR] [-m ] [-o ] [-S ] [-t ]

    -A Add a new (empty) pool to the kernel.

Issuing "ippool -A -m test2 -o ipf -t tree" results in

    ippool: illegal option -- A

The -A option in the ippool source needs to be corrected. The -o and -t options are required.

*******************

Problem #6.

    ippool -a [-dnvR] [-m ] [-o ] [-t ] [-T ttl] -i [/]

    -a Add a new data node to an existing pool in the kernel.

The -o & -t options are not needed to identify the target table to add the node to. Issuing "ippool -a -m test 99.58.98.79" gives no errors, but issuing "ippool -l -m test" afterwards lists the content showing it containing ?(0)?/32; which is incorrect. This needs detailed inspection of the ippool source to correct this. The "man 8 ippool" should show this as the syntax.

    ippool -a [-dnv] [-m ] [-T ttl] -i [/]

*************************

Problem #7.

    ippool -r [-dnvR] [-m ] [-o ] [-t ] -i [/]

    -r Remove an existing data node from a pool in the kernel.

The -o & -t options are not needed to identify the target table to remove the node from. Issuing "ippool -r -m test 99.58.98.79" gives no errors, but issuing "ippool -l -m test" afterwards lists the content showing the ?(0)?/32; is no longer there. This needs detailed inspection of the ippool source to correct this. The "man 8 ippool" should show this as the syntax.

    ippool -r [-dnv] [-m ] -i [/]

********************

Problem #8.

During the boot process these messages are issued

    IP Filter: v5.1.2 initialized. Default = pass all, Logging = enabled
    Enabling ipfilter.
    132:194:ioctl(add/insert rule) cannot find source lookup pool
    Installing NAT rules.
    0 entries flushed from NAT table
    0 entries flushed from NAT list

In my ipfilter rule set I have this rule;

    block in quick from pool/probing_ips to any

Rebooting, i.e. reboot, halt, shutdown commands or power off button, causes the table hit count to be lost and no table content to be reloaded into core. This really is a major problem. Have to add some kind of way to tell ipfilter to auto dump the in-core table with its hit count information and auto restore that dumped information into core when the system is booted.
Maybe adding an option flag to rc.conf ipfilter_flags="" statement defaulting to internally issuing "ippool -f /etc/ippool.conf" command or playing with the rc.d scripts is needed here. Whatever solution gets employed to solve this problem needs to be documented in "man 5 ippool".

*********************

Problem #9.

"man 5 ippool" needs to specify the usage of { } and ; in the ippool.conf file content like shown here;

    pool ipf/tree (name test;) {
        1.161.177.165;
        1.171.138.231;
        110.200.28.224;
        110.200.29.248;
        162.243.114.84;
        162.243.225.157;
        88.211.91.195;
        88.226.134.147;
        99.58.98.78;
        99.98.160.77;
    };

*************

Some of these problems are listed in the pr comments already.
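
Added example, not part of the original report and not ippool's own code: a userland way to get the one-line-per-address hit report asked for in Problem #3 and an ippool.conf entry in the Problem #9 syntax (usable for the reload in Problem #8) from "ippool -l -d -m name" output. The function names are hypothetical, the sample listing is constructed with documentation addresses, and its line layout and the default pool type "tree" are assumptions.

```shell
# Constructed sample of "ippool -l -d -m test" output (layout assumed,
# documentation addresses, made-up hit counts; last node has no Hits field).
sample_output() {
cat <<'EOF'
poollist: opts = 0x2
Name: test Role: ipf References: 2 Hits: 5
        Nodes Starting at 0xca312d00
        Address: 192.0.2.10/32
                Hits 3 Bytes 180 Name Ref 2
        Address: 198.51.100.7/32
                Hits 2 Bytes 96 Name Ref 2
        Address: 203.0.113.0/24
EOF
}
# pool_hits (hypothetical name): print one "address hits" line per node.
# A node whose Hits field is missing is reported with "-" instead of a count.
pool_hits() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "Address:") {
                if (addr != "") print addr, "-"
                addr = $(i + 1)
            } else if ($i == "Hits" && addr != "") {  # pool-level field is "Hits:"
                print addr, $(i + 1)
                addr = ""
            }
        }
    }
    END { if (addr != "") print addr, "-" }'
}
# pool_to_conf (hypothetical name): rebuild an ippool.conf entry from a listing.
# The listing does not show the pool type, so it is an argument (default: tree).
pool_to_conf() {
    awk -v ptype="${1:-tree}" '{
        for (i = 1; i <= NF; i++) {
            if ($i == "Name:") name = $(i + 1)
            else if ($i == "Role:") role = $(i + 1)
            else if ($i == "Address:") {
                a = $(i + 1); sub(/\/32$/, "", a)     # host entries written bare
                list = list " " a ";"
            }
        }
    }
    END { if (name == "" || role == "") exit 1        # input was not a pool listing
          printf "pool %s/%s (name %s;) {%s };\n", role, ptype, name, list }'
}

sample_output | pool_hits
sample_output | pool_to_conf tree
```

On a live system the input would come from "ippool -l -d -m test" instead of sample_output; hit counts are not part of the ippool.conf syntax shown above, so only the addresses survive a reload.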