Sorry, I meant to say that I'm not using "netris" (that was just an
example).
The filters "fail" in that only traffic for imap and possibly smtp gets
through; the rest did not. I wasn't able to figure out "why" in that
case, as when I added the commas it works fine now.

Daniel Hartmeier wrote:
> On Tue, Nov 29, 2005 at 06:48:37PM -0500, Forrest Aldrich wrote:
>
>> Yes, it was the only variable that I changed. Once I added the commas,
>> it works like a charm.
>>
>> But see my previous post - maybe there's a connection. Where I can't
>> get to my public address via the private net (I have my pf.conf posted,
>> pre-comma addition).
>
> Well, "it fails" is not a very precise description. Does pfctl refuse to
> load the ruleset and produce an error message? If so, please provide the
> precise error message it prints.
>
> For instance, if I use the symbolic port name "netris" from the OpenBSD
> example (which isn't in FreeBSD's /etc/services), I get
>
>   # pfctl -nvf /etc/pf.conf
>   tcp_services = "imap imaps http netris"
>   /etc/pf.conf:3: unknown port netris
>
>   # cat -n /etc/pf.conf | grep -B 1 -A 1 '^ * 3'
>        2  rdr pass on gem0 inet proto tcp from any to 10.1.1.60 \
>        3          port { $tcp_services } -> 10.1.1.60
>
> If it's not a syntax problem pfctl complains about, please explain how
> "it fails", i.e. what you expect it to do and what you observe it doing
> that differs from expectations. I can't imagine how the commas make a
> semantic (but not a syntactic) difference.
>
> Daniel
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
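
The "unknown port netris" case from the quoted pfctl output can be caught before loading a ruleset by looking each symbolic name up in the services file. The script below is an added example, not part of the original thread: the function names `unknown_ports` and `make_sample_services` are hypothetical, and the services entries are a constructed sample standing in for FreeBSD's /etc/services.

```shell
#!/bin/sh
# Added example: report symbolic port names from a pf macro that are missing
# from a services(5) file. pfctl rejects such names with "unknown port <name>".

# unknown_ports MACRO_VALUE SERVICES_FILE
# MACRO_VALUE is the text between the quotes, e.g. "imap imaps http netris".
# This function splits on commas and/or whitespace. Numeric ports and
# ranges such as 6000:6010 are skipped because they need no lookup.
unknown_ports() {
    macro=$1
    services=$2
    for name in $(printf '%s\n' "$macro" | tr ',' ' '); do
        case $name in
            *[!0-9:]*) ;;        # contains a non-digit: symbolic name
            *) continue ;;       # purely numeric port or range
        esac
        # Match the name as the service (field 1) or an alias (fields 3+),
        # ignoring anything after a '#' comment marker.
        awk -v n="$name" '
            { sub(/#.*/, "") }
            $1 == n { found = 1 }
            { for (i = 3; i <= NF; i++) if ($i == n) found = 1 }
            END { exit found ? 0 : 1 }
        ' "$services" || printf '%s\n' "$name"
    done
}

# Constructed sample standing in for FreeBSD's /etc/services (no netris entry).
make_sample_services() {
    cat <<'EOF'
smtp     25/tcp   mail
http     80/tcp   www www-http   # WorldWideWeb HTTP
imap    143/tcp   imap2 imap4
imaps   993/tcp
EOF
}

# Run with --demo to check the macro from the thread against the sample file.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && make_sample_services > "$tmp"
    unknown_ports "imap imaps http netris" "$tmp"
    rm -f "$tmp"
fi
```

On a real host, pass /etc/services as the second argument; `pfctl -nvf /etc/pf.conf` remains the authoritative syntax check.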