Date: Wed, 15 Oct 2008 17:04:25 -0400 From: Jon Radel <jon@radel.com> To: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <ermal.luci@gmail.com> Cc: Peter Clark <clarkp@mtmary.edu>, freebsd-pf@freebsd.org Subject: Re: PF syntax error Message-ID: <48F65AD9.808@radel.com> In-Reply-To: <9a542da30810151332v54c6a9a8jb00a2afbd8214b26@mail.gmail.com> References: <48F621C2.8080405@mtmary.edu> <20081015202725.GA88225@icarus.home.lan> <9a542da30810151332v54c6a9a8jb00a2afbd8214b26@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Ermal Lui wrote:
> On Wed, Oct 15, 2008 at 10:27 PM, Jeremy Chadwick <koitsu@freebsd.org> wrote:
>> On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote:
>>> Hello,
>>>
>>> I am not sure if I should be here or over at a pf specific list but here
>>> is my problem.
>> I've changed the CC list, so this will now go to the freebsd-pf mailing
>> list instead.
>>
>>> I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving
>>> me problems.
>>>
>>> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>>>
>>> (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush
>>> global)
>
> Is it a copy-paste error or you forgot keep state in there?
> It should look
> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
> keep state(max-src-conn 15, max-src-conn-rate 5/3, overload
> <bruteforce> flush global)
And here I thought "keep state" was the default in the pf shipped with
FreeBSD 7.0....
Actually, it is, as is "flags S/SA" on TCP connections. Those defaults
came in with the PF from OpenBSD 4.1, which is what is used in FreeBSD 7.0.
--Jon Radel
[-- Attachment #2 --]
0 *H
01
0 +�0 *H
�� 100\mtv0
*H
�0b1
0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
080324165921Z
090324165921Z0^10
URadel10U*
Jon Thomas10UJon Thomas Radel1
0 *H
jon@radel.com0"0
*H
��0
�t,P
p#
٬q_2=L-^m
>z3ʟV![([ AoE}ϛ3/6?cWx(/)'$6sTl<*i'=uox
Mbt
rdtnxud1R6T>zU0FZ,vN9NP{>qE`^P; *Wg/jN*OVՠQMB(=:
�*0(0U
0
jon@radel.com0
U
0�0
*H
��h!oܨ[А!fN#[Z
b$3?x&$~Ħ9}`MX[It}/bXZajgxɥ' 2NrtWAr sFި'^@mDVw\)00\mtv0
*H
�0b1
0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
080324165921Z
090324165921Z0^10
URadel10U*
Jon Thomas10UJon Thomas Radel1
0 *H
jon@radel.com0"0
*H
��0
�t,P
p#
٬q_2=L-^m
>z3ʟV![([ AoE}ϛ3/6?cWx(/)'$6sTl<*i'=uox
Mbt
rdtnxud1R6T>zU0FZ,vN9NP{>qE`^P; *Wg/jN*OVՠQMB(=:
�*0(0U
0
jon@radel.com0
U
0�0
*H
��h!oܨ[А!fN#[Z
b$3?x&$~Ħ9}`MX[It}/bXZajgxɥ' 2NrtWAr sFި'^@mDVw\)0?0
0
*H
�01
0 UZA10U
Western Cape10U Cape Town10U
Thawte Consulting1(0&U
Certification Services Division1$0"UThawte Personal Freemail CA1+0) *H
personal-freemail@thawte.com0
030717000000Z
130716235959Z0b1
0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA00
*H
��0�Ħ<UsUNʙZ
hup
[v
:aQP
0cZ,p+Z?qV˯<
6$*+w=+>@dקe*TH<a@
dr`�00U
0�0CU
<0:08642http://crl.thawte.com/ThawtePersonalFreemailCA.crl0
U
0)U
"0
0
10UPrivateLabel2-1380
*H
��HP
.
fgCL!6 -6/
P p<ab:~�
t%Pb'qW%ݩ9 Oe_N4[5MwV!x!5$
F]_eO1d0`0v0b1
0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAmtv0 +�0 *H
1
*H
0
*H
1
081015210425Z0# *H
1+B
3>g:(K}0R *H
1E0C0
*H
0*H
�0
*H
@0+0
*H
(0 +71x0v0b1
0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAmtv0
*H
1xv0b1
0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAmtv0
*H
��yA|[1ې|^i 7whYc`HƢ(`O(t=
PrJ'נ^X5fK#
.Oy)V#[d+G{Ҵ[ ~4f΄0ܼCЃثXD[~0>wRc6hyd3
gڶV
X[W|QW֫+`5^ɉtD'Ԙ/Rχyf[<ɲt-I
7f㼼R1܅^Jr������
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48F65AD9.808>