Date: Sun, 28 Oct 2007 20:34:16 -0300 From: Andrew Birukov <amb@amb.kiev.ua> To: freebsd-stable@freebsd.org, freebsd-pf@freebsd.org Subject: Re: pf broken in 7.0-BETA1 ? Message-ID: <47251C78.6090305@amb.kiev.ua> In-Reply-To: <20071028204627.GA4666@psconsult.nl> References: <4724D6EE.6050004@amb.kiev.ua> <9a542da30710281214v79cd332fx69b8806db2895836@mail.gmail.com> <4724E460.1050309@amb.kiev.ua> <20071028204627.GA4666@psconsult.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul Schenkeveld wrote:
> On Sun, Oct 28, 2007 at 04:34:56PM -0300, Andrew Birukov wrote:
>> Ermal Luçi wrote:
>>> Try using
>>>
>>> pass out on $ext_if proto tcp from any to any tos 0x10 no keep state queue
>>> ssh
>>>
>>> and it should work as you expect!
>> pf.conf
>> -------------------------------------------------------------------
>> ext_if="xl0"
>>
>> altq on $ext_if priq bandwidth 520Kb queue { ssh, traf }
>> queue ssh priority 1
>> queue traf priority 15 priq(default)
>>
>> pass in all
>> pass out all
>>
>> pass out on $ext_if proto tcp from any to any tos 0x10 no keep state
>> queue ssh
>> -------------------------------------------------------------------
>>
>> # /etc/rc.d/pf restart
>> Disabling pf.
>> pf disabled
>> Enabling pf.
>> /etc/pf.conf:10: syntax error
>> pfctl: Syntax error in config file: pf rules not loaded
>> pf enabled
>>
>> Unfortunately syntax error...
>
> Should be "no state" according to pf.conf(5)
Thank's a lot !
That was it!
--
Andrew Biriukov
amb@amb.kiev.ua
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47251C78.6090305>