Date: Mon, 8 Sep 2008 09:22:27 -0700 From: Jeremy Chadwick <koitsu@FreeBSD.org> To: Jille <jille@quis.cx> Cc: freebsd-pf@freebsd.org Subject: Re: FreeBSD 7.1-PRERELEASE Trouble Message-ID: <20080908162227.GA73221@icarus.home.lan> In-Reply-To: <48C548A8.9030204@quis.cx> References: <9bc4ff5c0809080813t1c370b72pce80dfa64f91fa41@mail.gmail.com> <48C548A8.9030204@quis.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 08, 2008 at 05:45:44PM +0200, Jille wrote:
> Dmitry Rybin wrote:
> > PF doesn't block some IP!!!!
> >
> > === pf.conf ===
> >
> > ext_if="bge0"
> > table <dnsflood> { 78.107.71.38 89.179.195.34 }
>
> Afaik you need to separate them with a comma (,)
This is incorrect. You can use a comma or a space, as the BNF grammar
in pf.conf specifies. Here's the grammar break-down, one step at a
time:
line = ( option | pf-rule | nat-rule | binat-rule | rdr-rule |
antispoof-rule | altq-rule | queue-rule | trans-anchors |
anchor-rule | anchor-close | load-anchor | table-rule | )
table-rule = "table" "<" string ">" [ tableopts-list ]
tableopts-list = tableopts-list tableopts | tableopts
tableopts = "persist" | "const" | "file" string |
"{" [ tableaddr-list ] "}"
tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec
Note in tableaddr-list the string: [ "," ]. This means the comma is
optional between items within the braces.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080908162227.GA73221>