Date: Wed, 30 Nov 2005 00:58:07 +0100 From: Daniel Hartmeier <daniel@benzedrine.cx> To: Forrest Aldrich <forrie@forrie.com> Cc: freebsd-pf@freebsd.org Subject: Re: Variable parsing difference between OpenBSD and FreeBSD? Message-ID: <20051129235807.GH23781@insomnia.benzedrine.cx> In-Reply-To: <438CE8D5.6050605@forrie.com> References: <438CE6CA.2030508@forrie.com> <20051129234513.GG23781@insomnia.benzedrine.cx> <438CE8D5.6050605@forrie.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 29, 2005 at 06:48:37PM -0500, Forrest Aldrich wrote:
> Yes, it was the only variable that I changed. Once I added the commas,
> it works like a charm.
>
> But see my previous post - maybe there's a connection. Where I can't
> get to my public address via the private net (I have my pf.conf posted,
> pre-comma addition).
Well, "it fails" is not a very precise description. Does pfctl refuse to
load the ruleset and produce an error message? If so, please provide the
precise error message it prints.
For instance, if I use the symbolic port name "netris" from the OpenBSD
example (which isn't in FreeBSD's /etc/services), I get
# pfctl -nvf /etc/pf.conf
tcp_services = "imap imaps http netris"
/etc/pf.conf:3: unknown port netris
# cat -n /etc/pf.conf | grep -B 1 -A 1 '^ * 3'
2 rdr pass on gem0 inet proto tcp from any to 10.1.1.60 \
3 port { $tcp_services } -> 10.1.1.60
If it's not a syntax problem pfctl complains about, please explain how
"it fails", i.e. what you expect it to do and what you observe it doing
that differs from expectations. I can't imagine how the commas make a
semantic (but not a syntactic) difference.
Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051129235807.GH23781>