Disallow tables and interface address pools for rdr-to, nat-to and

route-to with any other scheduling algorithms than round-robin or
least-states.  Before this change, pfctl accepted and loaded invalid
address pools, eg. "rdr-to <table> source-hash", but it is not
supported by the kernel and was silently ignored in operation.

Also clarify the manpage a bit by mentioning that tables are only
valid with round-robin or least-states.

ok zinke@

1 files changed, 3 insertions, 3 deletions

diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 804c0b8f9d5..d88dcab1b02 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pf.conf.5,v 1.522 2012/09/20 11:52:46 jmc Exp $
+.\"	$OpenBSD: pf.conf.5,v 1.523 2012/10/18 15:18:56 reyk Exp $
 .\"
 .\" Copyright (c) 2002, Daniel Hartmeier
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 20 2012 $
+.Dd $Mdocdate: October 18 2012 $
 .Dt PF.CONF 5
 .Os
 .Sh NAME
@@ -1039,7 +1039,7 @@ option prevents
 from modifying the source port on TCP and UDP packets.
 .El
 .Pp
-When more than one redirection address is specified,
+When more than one redirection address or a table is specified,
 .Ar round-robin
 and
 .Ar least-states