tables


table <foo> { 10.0.0.0/8, !10.1.0.0/16,
         192.168.0.0/24, 192.168.1.18 }
pass in on dc0 from any to <foo> port 80 keep state


modify the table without ruleset reload:
pfctl -t foo -T add 192.168.2.0/23
pfctl -t foo -T remove 10.0.0.0/8