Date: Wed, 02 Mar 2022 13:25:41 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 262295] [pf] Tables and anchors
Message-ID: <bug-262295-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262295

            Bug ID: 262295
           Summary: [pf] Tables and anchors
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: matteo@FreeBSD.org
                CC: kp@freebsd.org

I would like to have a pf.conf similar to the following:

    table <bruteforce> persist
    block log quick from <bruteforce>
    ... more rules
    anchor "external" on $interface {
      ... more rules
      pass in proto tcp from any to ($interface) port ${tcp_services} keep state \
        (max-src-conn 10, max-src-conn-rate 1/4, \
        overload <bruteforce> flush global)
      ... more rules
    }
    ...more anchor/rules

If I try the above, when I load the rules I get:

    pfctl: warning: namespace collision with <bruteforce> global table.

I then tried the following in pf.conf:

    ... some rules
    anchor "external" on $interface {
      table <bruteforce> persist
      block log quick from <bruteforce>
      ... more rules
      pass in proto tcp from any to ($interface) port ${tcp_services} keep state \
        (max-src-conn 10, max-src-conn-rate 1/4, \
        overload <bruteforce> flush global)
      ... more rules
    }
    ... more rules

And I got "syntax error" on the line where "table <bruteforce> persist" is and
on the line where the closing bracket of the anchor "external" is.

It is unclear to me whether I am making a mistake, or whether the first and/or
the second should actually work (and I would prefer at least the first to work,
if possible).

(This issue may be, but perhaps is not, related to #183198. This forum post
(https://forums.freebsd.org/threads/inline-anchor-table-fail.61116/) also shows
something similar to what I am experiencing.)

-- 
You are receiving this mail because:
You are the assignee for the bug.