From owner-freebsd-pf@FreeBSD.ORG Wed Oct 15 20:27:27 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B9D76106568F for ; Wed, 15 Oct 2008 20:27:27 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from QMTA04.emeryville.ca.mail.comcast.net (qmta04.emeryville.ca.mail.comcast.net [76.96.30.40]) by mx1.freebsd.org (Postfix) with ESMTP id A04848FC28 for ; Wed, 15 Oct 2008 20:27:26 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from OMTA13.emeryville.ca.mail.comcast.net ([76.96.30.52]) by QMTA04.emeryville.ca.mail.comcast.net with comcast id T0dn1a00417UAYkA48TSRa; Wed, 15 Oct 2008 20:27:26 +0000 Received: from koitsu.dyndns.org ([69.181.141.110]) by OMTA13.emeryville.ca.mail.comcast.net with comcast id T8TR1a00Q2P6wsM8Z8TSQ2; Wed, 15 Oct 2008 20:27:26 +0000 X-Authority-Analysis: v=1.0 c=1 a=QycZ5dHgAAAA:8 a=fL8Q24mehDBDap-IyugA:9 a=W6xQjslTlZ0VOzopT6sA:7 a=JjOj0Z1bilJW3VxxYefSxD5SR6YA:4 a=EoioJ0NPDVgA:10 a=LY0hPdMaydYA:10 Received: by icarus.home.lan (Postfix, from userid 1000) id B06CEC9419; Wed, 15 Oct 2008 13:27:25 -0700 (PDT) Date: Wed, 15 Oct 2008 13:27:25 -0700 From: Jeremy Chadwick To: Peter Clark Message-ID: <20081015202725.GA88225@icarus.home.lan> References: <48F621C2.8080405@mtmary.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <48F621C2.8080405@mtmary.edu> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-pf@freebsd.org Subject: Re: PF syntax error X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Oct 2008 20:27:27 -0000 On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote: > Hello, > > I am not sure if I should be here or over at a pf specific list but here > is my problem. I've changed the CC list, so this will now go to the freebsd-pf mailing list instead. > I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving > me problems. > > pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \ > > (max-src-conn 15, max-src-conn-rate 5/3, overload flush > global) > > Actually the "pass in" line does not generate the error. The next line does. > > /etc/pf.conf:71: syntax error > If I remove the line the error goes away (obviously). I have tried using > the exact line from the FreeBSD pf.conf man page: > > (max-src-conn-rate 100/10, overload flush global) > > (I changed to )and that generates the same > error. I tried just using: > (max-src-conn-rate 100/10) > > but that too gives me a syntax error. > > Any help is appreciated. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |