diff --git a/Makefile b/Makefile
index a2554d2..5756b59 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,9 @@
-PREFIX?=/usr/local
+PREFIX = /usr/local
-CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \
- -Werror -Wshadow -Wstrict-overflow -fno-strict-aliasing \
- -Wstrict-prototypes -Wwrite-strings \
- -Os
+CFLAGS = -pedantic -Wall -Wextra -Wmissing-prototypes \
+ -Werror -Wshadow -Wstrict-overflow -fno-strict-aliasing \
+ -Wstrict-prototypes -Wwrite-strings \
+ -Os
 all: iblock
diff --git a/main.c b/main.c
index d1be695..cafcebc 100644
--- a/main.c
+++ b/main.c
@@ -1,24 +1,32 @@
+#include
+#include
+
+#include
+
 #include
+#include
 #include
 #include
-#include
-#include
-#include
 #include
-#include
 #include
-#include
-
 #define DEFAULT_TABLE "iblocked"
-#define TABLE_LEN 32 /* see PF_TABLE_NAME_SIZE in net/pfvar.h */
-int main(int argc, char *argv[]){
+static void __dead
+usage(void)
+{
+ fprintf(stderr, "usage: %s [table]\n", getprogname());
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
 struct sockaddr_storage sock = {0};
 socklen_t slen = sizeof(sock);
 char ip[INET6_ADDRSTRLEN] = {'\0'}; /* INET6_ADDRSTRLEN > INET_ADDRSTRLEN */
- char table[TABLE_LEN] = DEFAULT_TABLE;
- int status = 0;
+ const char *table = DEFAULT_TABLE;
+ int ch, status = 0;
 pid_t id;
 if (unveil("/usr/bin/doas", "rx") != 0)
@@ -26,10 +34,20 @@ int main(int argc, char *argv[]){
 if (pledge("exec inet proc stdio", NULL) != 0)
 err(1, "pledge");
- /* configuration */
- if (argc == 2)
- if (strlcpy(table, argv[1], TABLE_LEN) >= sizeof(table))
- errx(1, "table name is too long");
+ while ((ch = getopt(argc, argv, "")) != -1) {
+ switch (ch) {
+ default:
+ usage();
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc > 1)
+ usage();
+
+ if (argc == 1)
+ table = *argv;
 /* get socket structure */
 if (getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen))
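Review bot: Replacing `CFLAGS +=` with `CFLAGS =` throws away any CFLAGS the builder supplies through the environment or a ports/packaging framework, so externally requested hardening or debugging flags (for example `-fstack-protector-strong`, `-D_FORTIFY_SOURCE=2`, `-g`) are silently dropped; `PREFIX =` likewise can no longer be overridden from the environment, only on the make command line. OpenBSD's base compiler enables its stack protector by default, so the loss is mostly felt when building elsewhere or with custom flags, but it is still a regression in configurability. If the goal was only to normalise spacing, I would keep the operators: `PREFIX ?= /usr/local` and `CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \`.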
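Review bot: With `#define TABLE_LEN 32 /* see PF_TABLE_NAME_SIZE in net/pfvar.h */` removed, nothing left in main.c records that pf table names have a hard length limit, and the new `const char *table = DEFAULT_TABLE;` looks like it accepts anything. I would keep that knowledge next to the declaration, e.g. `/* no length check here; pfctl is expected to reject names >= PF_TABLE_NAME_SIZE */`, so the next reader sees that the check moved to pfctl rather than vanished. A one-line comment on `usage()` stating that it writes to stderr and exits non-zero would also help, since under inetd stderr is presumably the client socket. main()'s body continues past the end of this hunk.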
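Review bot: The bound that `strlcpy(table, argv[1], TABLE_LEN) >= sizeof(table)` enforced is dropped rather than relocated, so `table = *argv;` now accepts any string and an over-long table name is only noticed by pfctl inside the forked child, after the connection has already been accepted and the block attempted. The value presumably comes from the inetd command line and is handed to pfctl as its own argv element, so there is no injection concern, but a misconfiguration should fail loudly at start-up rather than once per connection; `if (strlen(table) >= PF_TABLE_NAME_SIZE) errx(1, "table name is too long");` (with `<net/pfvar.h>` included) preserves the old behaviour. Note also that an empty optstring means a table name beginning with `-` can only be given after `--`, which the usage string does not mention. main() continues outside this hunk.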
@@ -37,10 +55,11 @@ int main(int argc, char *argv[]){
 /* get ip */
 status = getnameinfo((struct sockaddr *)&sock, slen, ip, sizeof(ip),
- NULL, 0, NI_NUMERICHOST);
+ NULL, 0, NI_NUMERICHOST);
 if (status != 0) {
- syslog(LOG_DAEMON, "getnameinfo error");
+ syslog(LOG_DAEMON, "getnameinfo error: %s",
+ gai_strerror(status));
 exit(1);
 }
@@ -56,14 +75,13 @@ int main(int argc, char *argv[]){
 // child process
 syslog(LOG_DAEMON, "blocking %s", ip);
 execl("/usr/bin/doas", "doas", "/sbin/pfctl",
- "-t", table, "-T", "add", ip, NULL);
-
+ "-t", table, "-T", "add", ip, NULL);
 } else {
 // parent process
 wait(NULL);
 syslog(LOG_DAEMON, "kill states for %s", ip);
 execl("/usr/bin/doas", "doas", "/sbin/pfctl",
- "-k", ip, NULL);
+ "-k", ip, NULL);
 }
 break;
 default:
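Review bot: `syslog(LOG_DAEMON, "getnameinfo error: %s", gai_strerror(status));` passes only a facility as the priority, so the level bits are zero and the message is logged at LOG_EMERG; a default syslog.conf broadcasts `*.emerg` to every logged-in terminal, which is not what a per-connection lookup failure deserves. OR in a level, `syslog(LOG_DAEMON | LOG_ERR, "getnameinfo error: %s", gai_strerror(status));`, or set the facility once via openlog(3) and pass just `LOG_ERR` here. The same facility-only priority appears in the other syslog calls in main(), whose body lies outside this hunk.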
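Review bot: Neither `execl()` call checks its return, so if exec fails (doas not at /usr/bin/doas, a pledge/unveil denial, resource exhaustion) the child, and likewise the parent after `wait(NULL)`, simply fall through to `break;` and keep executing the rest of main() with the preceding "blocking %s" line already logged as if the block succeeded. Each `execl(...)` should be followed by an explicit failure exit, e.g. `syslog(LOG_DAEMON | LOG_ERR, "execl doas: %m"); exit(1);`, which stays within the `stdio` pledge and avoids writing to stderr, which under inetd is presumably the client socket. `wait(NULL)` is also unchecked, so the parent kills states even if the child never reached pfctl. The enclosing switch and main() begin and end outside this hunk.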