From owner-freebsd-pf@FreeBSD.ORG Wed Oct 15 20:52:31 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E5402106568A for ; Wed, 15 Oct 2008 20:52:30 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.24]) by mx1.freebsd.org (Postfix) with ESMTP id 9D4CF8FC08 for ; Wed, 15 Oct 2008 20:52:29 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: by qw-out-2122.google.com with SMTP id 9so902489qwb.7 for ; Wed, 15 Oct 2008 13:52:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=5Vp4hCxhKSlqBhIfsNgHliqzn9RcGxBxYKtVaDliv5w=; b=S18HMQzNGWT5N7N0HsGtnJN9evkeoiAsL4eqVZKGU1OCOzft0YOiFG6SwjUeDtkGWF 2w5lrjQlMVeW8uR2r2h0Cfkw7IqScaEjg5Wt+2gbtu6AI8sgKg5hGyeaqlaGB+/iPzHU wN3z1zeS9bt2Bo7XqSge6aQVWtzgDu4Z2v4aI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=IbMOBpfqGwZwFmhi62PJ1tMzYRKHj7zDZEp26aZKCnOgWrnfIkBfmvSmcmpr/h75pN S/q+Ixg8OCY4EauCU2vO9qVTBwWwyhQwyxo5c+Pj5zBPwFY8vK7SAcRzGidqHid6OdwZ TxFfgdOXSJeH+GnruS2FKflaeemzkuLeq0rfU= Received: by 10.214.181.1 with SMTP id d1mr1721910qaf.1.1224102742888; Wed, 15 Oct 2008 13:32:22 -0700 (PDT) Received: by 10.214.43.4 with HTTP; Wed, 15 Oct 2008 13:32:22 -0700 (PDT) Message-ID: <9a542da30810151332v54c6a9a8jb00a2afbd8214b26@mail.gmail.com> Date: Wed, 15 Oct 2008 22:32:22 +0200 From: "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" To: "Jeremy Chadwick" In-Reply-To: <20081015202725.GA88225@icarus.home.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <48F621C2.8080405@mtmary.edu> <20081015202725.GA88225@icarus.home.lan> Cc: Peter Clark , freebsd-pf@freebsd.org Subject: Re: PF syntax error X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Oct 2008 20:52:31 -0000 On Wed, Oct 15, 2008 at 10:27 PM, Jeremy Chadwick wrote: > On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote: >> Hello, >> >> I am not sure if I should be here or over at a pf specific list but here >> is my problem. > > I've changed the CC list, so this will now go to the freebsd-pf mailing > list instead. > >> I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving >> me problems. >> >> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \ >> >> (max-src-conn 15, max-src-conn-rate 5/3, overload flush >> global) Is it a copy-paste error or you forgot keep state in there? It should look pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \ keep state(max-src-conn 15, max-src-conn-rate 5/3, overload flush global) >> >> Actually the "pass in" line does not generate the error. The next line does. >> >> /etc/pf.conf:71: syntax error >> If I remove the line the error goes away (obviously). I have tried using >> the exact line from the FreeBSD pf.conf man page: >> >> (max-src-conn-rate 100/10, overload flush global) >> >> (I changed to )and that generates the same >> error. I tried just using: >> (max-src-conn-rate 100/10) >> >> but that too gives me a syntax error. >> >> Any help is appreciated. > > -- > | Jeremy Chadwick jdc at parodius.com | > | Parodius Networking http://www.parodius.com/ | > | UNIX Systems Administrator Mountain View, CA, USA | > | Making life hard for others since 1977. PGP: 4BD6C0CB | > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Ermal