From: Jeremy Chadwick
To: Jille
Cc: freebsd-pf@freebsd.org
Date: Mon, 8 Sep 2008 09:22:27 -0700
Subject: Re: FreeBSD 7.1-PRERELEASE Trouble
Message-ID: <20080908162227.GA73221@icarus.home.lan>
In-Reply-To: <48C548A8.9030204@quis.cx>

On Mon, Sep 08, 2008 at 05:45:44PM +0200, Jille wrote:
> Dmitry Rybin wrote:
> > PF doesn't block some IP!!!!
> >
> > === pf.conf ===
> >
> > ext_if="bge0"
> > table { 78.107.71.38 89.179.195.34 }
>
> Afaik you need to separate them with a comma (,)

This is incorrect. You can use a comma or a space, as the BNF grammar in
pf.conf specifies. Here's the grammar break-down, one step at a time:

    line           = ( option | pf-rule | nat-rule | binat-rule | rdr-rule |
                     antispoof-rule | altq-rule | queue-rule | trans-anchors |
                     anchor-rule | anchor-close | load-anchor | table-rule | )

    table-rule     = "table" "<" string ">" [ tableopts-list ]
    tableopts-list = tableopts-list tableopts | tableopts
    tableopts      = "persist" | "const" | "file" string |
                     "{" [ tableaddr-list ] "}"
    tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec

Note in tableaddr-list the string: [ "," ]. This means the comma is
optional between items within the braces.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
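
Added example (not part of the original message, and not pf's own parser): a small Python recursive-descent parser for the table-rule grammar quoted above, showing that the space-separated and comma-separated forms produce the same address list. The table name "blocked" is hypothetical, and tableaddr-spec is treated as an opaque token because the quoted grammar does not expand it.

```python
import re

# Tokens: the punctuation used by table-rule, or a run of other characters.
TOKEN = re.compile(r'[<>{},]|[^\s<>{},]+')

def parse_table_rule(line):
    """Parse one table-rule following the BNF quoted in the message.

    Returns (name, options, addresses). tableaddr-spec is not expanded in
    the quoted grammar, so each address is kept as an opaque token.
    """
    toks, pos = TOKEN.findall(line), 0

    def take(expected=None):
        nonlocal pos
        if pos >= len(toks):
            raise ValueError("unexpected end of rule")
        tok = toks[pos]
        if expected is not None and tok != expected:
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        pos += 1
        return tok

    take("table"); take("<"); name = take(); take(">")
    options, addrs = [], []
    while pos < len(toks):                       # [ tableopts-list ]
        tok = take()
        if tok in ("persist", "const"):
            options.append(tok)
        elif tok == "file":
            options.append(("file", take()))
        elif tok == "{":                         # "{" [ tableaddr-list ] "}"
            first, after_comma = len(addrs), False
            while (tok := take()) != "}":
                if tok == ",":                   # [ "," ] only between specs
                    if after_comma or len(addrs) == first:
                        raise ValueError("misplaced comma")
                    after_comma = True
                elif tok in ("<", ">", "{"):
                    raise ValueError(f"unexpected {tok!r} in address list")
                else:
                    addrs.append(tok)
                    after_comma = False
            if after_comma:
                raise ValueError("comma must be followed by an address")
        else:
            raise ValueError(f"unknown table option {tok!r}")
    return name, options, addrs

# Constructed sample: the table name "blocked" is hypothetical.
SPACES = parse_table_rule("table <blocked> persist { 78.107.71.38 89.179.195.34 }")
COMMAS = parse_table_rule("table <blocked> persist { 78.107.71.38, 89.179.195.34 }")
```

On a FreeBSD host, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which checks the same thing against pf's real grammar.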