Getting tables to work in PF

[Dave Horsfall]

FreeBSD 8.2-RELEASE-p3 binary (yeah, I need to update, but my DVD reader 
is busted).

After seeing an obnoxious spammer on 216.66.15.120 (it doesn't take "550 
5.7.1" as a hint), I thought this would be a good time to try tables so 
that it doesn't clutter my reject log.

/etc/pf.conf:

    table <spammers> persist file "/etc/spammers"
    ...
    block in log quick on $ext_if from <spammers> to any

/etc/spammers:

    # netman.cust.fsi.io
    216.66.15.120

and restart.  File gets read, but it's not blocking.  OK, add it in by 
hand:

    aneurin# pfctl -t spammers -Tadd 216.66.15.120
    No ALTQ support in kernel
    ALTQ related functions disabled
    1 table created.
    1/1 addresses added.

Odd.  So the table is now created, but it still ain't blocking.  Adding it 
a second time is ignored.

I also tried blocking woodpeckers (those which retry *seconds* later).

/etc/pf.conf:

    table <woodpeckers> persist
    ...
    block in log quick on $ext_if from <woodpeckers>
    # No more that 10/IP, or 5/minute should be plenty.
    pass inet proto tcp from any port smtp \
	flags S/SA keep state \
	(max-src-conn 10, max-src-conn-rate 5/60, \
	overload <woodpeckers> flush global)

Nope.  Try by hand:

    aneurin# pfctl -t woodpeckers -T add 212.192.226.180       
    No ALTQ support in kernel
    ALTQ related functions disabled
    1 table created.
    1/1 addresses added.

Nope.  Nothing in the log, and "pfctl -t woodpeckers -T show -v" reports 
no matches.

As a quick test, I disallow *all* SMTP.  Still works.

So, err, does PF actually work?  Have I stuffed up somewhere?

Thanks.

-- 
Dave Horsfall (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)