Date:      Fri, 25 Mar 2005 09:19:12 -0600
From:      BB <brent.bolin@gmail.com>
To:        jon@abccomm.com
Cc:        FreeBSD-pf mail list <freebsd-pf@freebsd.org>
Subject:   Re: Isn't there a way to parse, don't load rules and complain about syntax errors or missing variables ?
Message-ID:  <787dcac205032507193062c2b4@mail.gmail.com>
In-Reply-To: <8eea04080503241516211d5aea@mail.gmail.com>
References:  <787dcac20503241448430a7de2@mail.gmail.com> <8eea04080503241516211d5aea@mail.gmail.com>

These firewall rules don't have any tun or tap0 interfaces.

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 68.79.110.99 netmask 0xffffffe0 broadcast 68.79.110.127
        ether 00:02:96:01:bc:13
        media: Ethernet autoselect (none)
        status: no carrier
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.111.252 netmask 0xffff0000 broadcast 192.168.255.255
        ether 00:50:2c:00:82:3a
        media: Ethernet autoselect (100baseTX)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208

As I recall from a previous firewall configuration using OpenVPN that
had rules for tap devices, pf would complain if it couldn't find the
interface.

My main point was to test that all syntax and variables were correct. 
The rule set that I am moving has nat enabled.  I think the box will
lock me out if it can't find the default gateway.

Thanks



On Thu, 24 Mar 2005 15:16:38 -0800, Jon Simola <jsimola@gmail.com> wrote:
> On Thu, 24 Mar 2005 16:48:48 -0600, BB <brent.bolin@gmail.com> wrote:
> 
> > However, when I looked at the configuration file again, the scrub rule
> > had the explicit interface name fxp0
> >
> > This new box doesn't have fxp0
> 
> It will probably make sense if you think that some interfaces like
> vlan and tun are created and destroyed. You probably don't want to
> reload your firewall config every time you bring up a PPP link. ipfw
> has the same feature.
> 
> --
> Jon Simola
> Systems Administrator
> ABC Communications
>


