Date:      Wed, 15 Oct 2008 16:19:52 -0500
From:      Peter Clark <clarkp@mtmary.edu>
To:        Jon Radel <jon@radel.com>
Cc:        freebsd-pf@freebsd.org, Ermal Luçi <ermal.luci@gmail.com>
Subject:   Re: PF syntax error
Message-ID:  <48F65E78.9060905@mtmary.edu>
In-Reply-To: <48F65AD9.808@radel.com>
References:  <48F621C2.8080405@mtmary.edu> <20081015202725.GA88225@icarus.home.lan> <9a542da30810151332v54c6a9a8jb00a2afbd8214b26@mail.gmail.com> <48F65AD9.808@radel.com>

Jon Radel wrote:
> Ermal Luçi wrote:
>> On Wed, Oct 15, 2008 at 10:27 PM, Jeremy Chadwick <koitsu@freebsd.org> wrote:
>>> On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote:
>>>> Hello,
>>>>
>>>> I am not sure if I should be here or over at a pf specific list but here
>>>> is my problem.
>>> I've changed the CC list, so this will now go to the freebsd-pf mailing
>>> list instead.
>>>
>>>> I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving
>>>> me problems.
>>>>
>>>> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>>>>
>>>>  (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush
>>>> global)
>> Is it a copy-paste error or you forgot keep state in there?
>> It should look
>> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>> keep state(max-src-conn 15, max-src-conn-rate 5/3, overload
>> <bruteforce> flush global)
> 
> And here I thought "keep state" was the default in the pf shipped with
> FreeBSD 7.0....
> 
> Actually, it is, as is "flags S/SA" on TCP connections.  Those defaults
> came in with the PF from OpenBSD 4.1, which is what is used in FreeBSD 7.0.
> 
> --Jon Radel
> 


A number of people all stated (on this list and on questions-freebsd) 
that it was because I was missing "keep state" from the directive. Sure 
enough, when I added that it worked. I am curious why this particular 
syntax is different from the default of "flags S/SA keep state" for the 
rest of the connections. Is it only on FreeBSD?

Thank you for looking at this.

Peter Clark
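An added check, not part of this thread or of pf itself: a small script that joins backslash-continued pf.conf lines the way pfctl reads them and flags the two pitfalls discussed above, state options in parentheses with no preceding "keep state" (or modulate/synproxy state), and an "overload <table>" that is never declared with a "table <name>" line. The pf.conf fragment is constructed for the example, with the failing rule from the thread beside its corrected form; the rule-prefix list and the regexes are this script's own simplifications, not pfctl's grammar.

```python
import re

# Constructed pf.conf fragment: the first pass rule is the form that failed
# in the thread, the second is the corrected form with "keep state" added.
SAMPLE_PF_CONF = """\
ext_if = "em0"
table <bruteforce> persist
block in quick on $ext_if from <bruteforce>
pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \\
    (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \\
    keep state (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
"""

STATE_KEYWORD = re.compile(r"\b(keep|modulate|synproxy)\s+state\s*\(")
STATE_OPTS = re.compile(r"\((?P<opts>[^)]*)\)")
OVERLOAD_TABLE = re.compile(r"overload\s*<(?P<name>[^>]+)>")
TABLE_DEF = re.compile(r"^table\s*<(?P<name>[^>]+)>")


def logical_lines(text):
    """Strip comments, join lines ending in a backslash, normalise whitespace."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            out.append(" ".join(buf.split()))
        buf = ""
    if buf.strip():
        out.append(" ".join(buf.split()))
    return out


def lint_state_options(text):
    """Return (rule, problem) pairs for rules that will not load as intended."""
    rules = logical_lines(text)
    tables = {m.group("name") for r in rules for m in [TABLE_DEF.match(r)] if m}
    problems = []
    for rule in rules:
        if not rule.startswith(("pass", "block", "match")):
            continue
        opts = STATE_OPTS.search(rule)
        # Only state options (max-src-*) need the keyword; "(em0)" style
        # interface parentheses are left alone.
        if opts and "max-src-" in opts.group("opts") and not STATE_KEYWORD.search(rule):
            problems.append((rule, "state options need 'keep state' before the parentheses"))
        ov = OVERLOAD_TABLE.search(rule)
        if ov and ov.group("name") not in tables:
            problems.append((rule, f"overload table <{ov.group('name')}> is never defined"))
    return problems
```

Running it on the sample reports only the first pass rule; the real check remains `pfctl -nf /etc/pf.conf`, which this script only approximates.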




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48F65E78.9060905>