Date: Wed, 15 Oct 2008 22:32:22 +0200 From: "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" <ermal.luci@gmail.com> To: "Jeremy Chadwick" <koitsu@freebsd.org> Cc: Peter Clark <clarkp@mtmary.edu>, freebsd-pf@freebsd.org Subject: Re: PF syntax error Message-ID: <9a542da30810151332v54c6a9a8jb00a2afbd8214b26@mail.gmail.com> In-Reply-To: <20081015202725.GA88225@icarus.home.lan> References: <48F621C2.8080405@mtmary.edu> <20081015202725.GA88225@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 15, 2008 at 10:27 PM, Jeremy Chadwick <koitsu@freebsd.org> wrote: > On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote: >> Hello, >> >> I am not sure if I should be here or over at a pf specific list but here >> is my problem. > > I've changed the CC list, so this will now go to the freebsd-pf mailing > list instead. > >> I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving >> me problems. >> >> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \ >> >> (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush >> global) Is it a copy-paste error or you forgot keep state in there? It should look pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \ keep state(max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global) >> >> Actually the "pass in" line does not generate the error. The next line does. >> >> /etc/pf.conf:71: syntax error >> If I remove the line the error goes away (obviously). I have tried using >> the exact line from the FreeBSD pf.conf man page: >> >> (max-src-conn-rate 100/10, overload <bad_hosts> flush global) >> >> (I changed <bad_hosts> to <bruteforce>)and that generates the same >> error. I tried just using: >> (max-src-conn-rate 100/10) >> >> but that too gives me a syntax error. >> >> Any help is appreciated. > > -- > | Jeremy Chadwick jdc at parodius.com | > | Parodius Networking http://www.parodius.com/ | > | UNIX Systems Administrator Mountain View, CA, USA | > | Making life hard for others since 1977. PGP: 4BD6C0CB | > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Ermal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a542da30810151332v54c6a9a8jb00a2afbd8214b26>