Date: Thu, 24 Aug 2006 10:04:48 -0400 From: beno <zope@2012.vi> To: freebsd-pf@freebsd.org Subject: Last Two Questions (I Think...) Message-ID: <44EDB200.5020006@2012.vi>
next in thread | raw e-mail | index | archive | help
Thank you very much for all your help!
Here is the first problem. It's a continuation of a problem we "fixed"
earlier (nor did I change anything after we got it working the first time):
shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
202.71.106.118 202.71.106.188 203.142.1.8"
directv_ip_addresses="{ 69.19.0.0/17 }"
shadday_ip_addresses="{ 200.88.64/23 200.88.66/23 200.88.80/20
200.88.96/20 200.88.112/22 200.88.118/23 200.88.120/21 }"
ssh_ip_addresses= $shinjiru_ip_addresses $directv_ip_addresses
$shadday_ip_addresses
The parser won't parse the last line. It won't let me include either of
the last two macros. This happened before I added the addresses to the
latter (shadday) but is compounded by the same.
The second problem has to do with logs. For example, this works:
pass in quick inet proto tcp from any to $web_server port { $tcp_ports }
flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
flush global)
but this does not work:
pass in quick log (all) inet proto tcp from any to $web_server port {
$tcp_ports } flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
flush global)
How do I turn on logging? Also, can someone give me good pointers as to
what I should log? Being inexperienced, I'm apt to log everything in site :/
TIA,
beno
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44EDB200.5020006>