Date: Sun, 28 Oct 2007 21:46:27 +0100 From: Paul Schenkeveld <fb-stable@psconsult.nl> To: freebsd-stable@freebsd.org, freebsd-pf@freebsd.org Subject: Re: pf broken in 7.0-BETA1 ? Message-ID: <20071028204627.GA4666@psconsult.nl> In-Reply-To: <4724E460.1050309@amb.kiev.ua> References: <4724D6EE.6050004@amb.kiev.ua> <9a542da30710281214v79cd332fx69b8806db2895836@mail.gmail.com> <4724E460.1050309@amb.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 28, 2007 at 04:34:56PM -0300, Andrew Birukov wrote:
> Ermal Luçi wrote:
> >Try using
> >
> >pass out on $ext_if proto tcp from any to any tos 0x10 no keep state queue
> >ssh
> >
> >and it should work as you expect!
>
> pf.conf
> -------------------------------------------------------------------
> ext_if="xl0"
>
> altq on $ext_if priq bandwidth 520Kb queue { ssh, traf }
> queue ssh priority 1
> queue traf priority 15 priq(default)
>
> pass in all
> pass out all
>
> pass out on $ext_if proto tcp from any to any tos 0x10 no keep state
> queue ssh
> -------------------------------------------------------------------
>
> # /etc/rc.d/pf restart
> Disabling pf.
> pf disabled
> Enabling pf.
> /etc/pf.conf:10: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
> pf enabled
>
> Unfortunately syntax error...
Should be "no state" according to pf.conf(5)
> --
> Andrew Biriukov
> amb@amb.kiev.ua
Paul Schenkeveld
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071028204627.GA4666>