# Creating tables to turn off internet in pf.conf



## PlinyTheElder (Jan 20, 2014)

Hi!

I am working on a hobby project and I need some help. I use Mac OS X, whose firewalling is based on OpenBSD's packet filtering. I have some questions and I hope you can help me get them cleared up.


I want to disable Internet for some time on my system. My progress so far is: edit the pf.conf file using the command line, add

```
block all
```

at the end of the pf.conf file and save the file and then reload the pf.conf rules using the `pfctl -f /etc/pf.conf` command.

I want to create a tiny application that will have this slider which can be adjusted and it indicates how long the Internet can be disabled (say for fifteen minutes, eight hours etc.) and someone somewhere told me this:


> Ok. You probably want to look into tables. You can create a table and make it persist even if there are zero entries in it. Then you can modify the table with pfctl commands on the fly. No need to edit the file or reload rules every time.




I do not have a CS background, so you have to be patient with me. I understood what he was trying to say but I am not sure how to implement it. The OpenBSD documentation on PF tables is not so good (at least I didn't understand it very well). Could someone explain to me how to use tables and make them persist and then ensure that all Internet traffic can be disabled by the said tables?


----------



## nanotek (Jan 20, 2014)

In pf.conf:


```
table <table_name> persist
```


----------



## PlinyTheElder (Jan 20, 2014)

Suppose I create a table named disableNet and set it to persist. Then what? I mean, how can I disable all the in and out traffic using the table disableNet?


----------



## nanotek (Jan 20, 2014)

I'm not sure, but maybe something like:


```
table <LAN> persist { 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 }
block in on em0 from <LAN> to any
block out on em0 from <LAN> to any
```


----------
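One way to drive the table approach discussed above from a timer, as an added example that is not from any poster in this thread. Assumptions: the pf.conf lines shown in the header comment, the function names `net_off`, `net_on` and `net_off_for`, the 24-hour cap, and that the script runs as root.

```shell
#!/bin/sh
# Added example; assumes /etc/pf.conf already contains these lines
# (table name disableNet as proposed in the thread):
#   table <disableNet> persist
#   block drop quick from any to <disableNet>
#   block drop quick from <disableNet> to any
# The table starts empty, so the rules match nothing until it is filled.

PFCTL="${PFCTL:-pfctl}"     # overridable so the logic can be dry-run
TABLE="disableNet"
# Two /1 halves per address family together cover every IPv4/IPv6 address.
ALL_ADDRS="0.0.0.0/1 128.0.0.0/1 ::/1 8000::/1"
MAX_MINUTES=1440            # assumed upper bound (24 hours)

net_off() {
    # Fill the table on the fly: no file edit, no ruleset reload.
    $PFCTL -t "$TABLE" -T add $ALL_ADDRS || return 1
    # pf is stateful: connections that are already established keep
    # passing until their states are flushed.
    $PFCTL -F states
}

net_on() {
    # Emptying the table makes the block rules match nothing again.
    $PFCTL -t "$TABLE" -T flush
}

# net_off_for MINUTES: block, wait, unblock.
# The value comes from a UI slider and ends up in a root-run command,
# so accept plain decimal digits only (no signs, spaces or leading zeros).
net_off_for() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "usage: net_off_for MINUTES" >&2; return 2 ;;
    esac
    [ "$1" -le "$MAX_MINUTES" ] || { echo "value too large" >&2; return 2; }
    net_off || return 1
    # Restore connectivity if the wait is interrupted.
    trap 'net_on; exit 130' INT TERM
    sleep $(( $1 * 60 ))
    trap - INT TERM
    net_on
}
```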



## PlinyTheElder (Jan 20, 2014)

Could you please tell me what those ({ 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 }) IP addresses are?


----------



## nanotek (Jan 20, 2014)

Address allocation for private networks (see: RFC1918). Basically, those CIDRs cover all possible private network addresses.


----------



## CoTones (Jan 20, 2014)

Use anchors.


----------

