From: BB
To: jon@abccomm.com
cc: FreeBSD-pf mail list
Date: Fri, 25 Mar 2005 09:19:12 -0600
Subject: Re: Isn't there a way to parse, don't load rules and complain about syntax errors or missing variables ?
Message-ID: <787dcac205032507193062c2b4@mail.gmail.com>
In-Reply-To: <8eea04080503241516211d5aea@mail.gmail.com>

These firewall rules don't have any tun or tap0 interfaces.

rl0: flags=8843 mtu 1500
	options=8
	inet 68.79.110.99 netmask 0xffffffe0 broadcast 68.79.110.127
	ether 00:02:96:01:bc:13
	media: Ethernet autoselect (none)
	status: no carrier
vr0: flags=8843 mtu 1500
	inet 192.168.111.252 netmask 0xffff0000 broadcast 192.168.255.255
	ether 00:50:2c:00:82:3a
	media: Ethernet autoselect (100baseTX)
	status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141 mtu 33208

As I recall from a previous firewall configuration using openvpn that had rules for tap devices, pf would complain if it couldn't find the interface.

My main point was to test that all syntax and variables were correct.

The rule set that I am moving has nat enabled. I think the box will lock me out if it can't find the default gateway.

Thanks

On Thu, 24 Mar 2005 15:16:38 -0800, Jon Simola wrote:
> On Thu, 24 Mar 2005 16:48:48 -0600, BB wrote:
>
> > However when I looked at the configuration file again the scrub rule
> > had the explicit interface name fxp0
> >
> > This new box doesn't have fxp0
>
> It will probably make sense if you think that some interfaces like
> vlan and tun are created and destroyed. You probably don't want to
> reload your firewall config every time you bring up a PPP link. ipfw
> has the same feature.
>
> --
> Jon Simola
> Systems Administrator
> ABC Communications
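
Added example, not part of the original message or thread: pfctl -n parses a ruleset without loading it, but per the quoted reply pf tolerates rules that name absent interfaces, so a leftover fxp0 may pass that check. This sh sketch lists interfaces named in "on" clauses that the box lacks; the function names and the sample ruleset are constructed for illustration, and only simple name = "value" macros are expanded.

```shell
#!/bin/sh
# referenced_ifaces FILE: print every interface named after "on" in FILE.
referenced_ifaces() {
    awk '
    function emit(t,    n, k, p) {
        if (substr(t, 1, 1) == "$") t = macro[substr(t, 2)]  # expand macro
        gsub(/[!{}(),]/, " ", t)                # drop list/negation syntax
        n = split(t, p, " ")
        for (k = 1; k <= n; k++) print p[k]
    }
    { sub(/#.*/, "") }                          # strip comments
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {    # macro definition line
        name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
        macro[name] = val; next
    }
    {
        for (i = 1; i < NF; i++) if ($i == "on") {
            j = i + 1
            if ($j != "{") { emit($j); continue }
            for (j++; j <= NF && $j != "}"; j++) emit($j)   # on { a b }
        }
    }
    ' "$1" | sort -u
}

# missing_ifaces FILE "IF1 IF2 ...": referenced interfaces not in the list.
missing_ifaces() {
    for ifc in $(referenced_ifaces "$1"); do
        case " $2 " in *" $ifc "*) ;; *) echo "$ifc" ;; esac
    done
}

# Constructed sample ruleset carrying a scrub rule from the old box.
sample_rules() {
    cat <<'EOF'
ext_if = "rl0"
int_if = "vr0"
scrub in on fxp0 all            # leftover from the old box
nat on $ext_if from $int_if:network to any -> ($ext_if)
block in log on $ext_if all
pass out on { $ext_if $int_if } keep state
EOF
}

rules=$(mktemp); sample_rules > "$rules"
echo "not present: $(missing_ifaces "$rules" "rl0 vr0 plip0 lo0 pflog0")"
rm -f "$rules"
# On the firewall: missing_ifaces /etc/pf.conf "$(ifconfig -l)"; pfctl -nf /etc/pf.conf
```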