Remko Lodder wrote:
beno wrote:
This is accepted by the pfctl compiler just fine:

http_ports="80 8080 7080"
ssh_ports="22"
ftp_ports="21 8021 7021"
smtp_ports="25"
pop3_ports="110"
https_ports="443"
imap_ssl_ports="993 143"
squid_ports="3128"
mysql_ports="3306"
email_ports='"{' $smtp_ports $pop3_ports '}"'
all_http_ports='"{' $http_ports $https_ports '}"'
tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"

However, this line throws errors:

pass in quick inet proto tcp from any to $web_server port $tcp_ports
flags S/SA keep state \
   (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
flush global)

If I replace "$tcp_ports" with "$ssh_ports" it works. Just throws a
syntax error.
If I replace "$tcp_ports" with "$ftp_ports" it does not work, but if I
change that to "{ $ftp_ports }" it does work. Why??
If I replace "$tcp_ports" with "$all_http_ports" it doesn't work. Says
it doesn't recognize ports 80, 7080, 8080 or 443. Now, 443 isn't being
used yet, so I removed that port. Raised the same error. Removed all but
80. Same thing. Curly braces didn't help me here.

Reading the tutorial says this:

Here is an example of a list:
block out on fxp0 from { 192.168.0.1, 10.5.32.6 } to any
Here is an example of a macro:
friends = "{ 192.168.1.1, 10.0.2.5, 192.168.43.53 }"

Notice the curly braces on the macro. I can't get those to work, but it
seems to accept my macros without curly braces. Perhaps that is unique
to OpenBSD. Perhaps it's outdated. Dunno. However, *that* is *all* the
information the tutorial has on the subject (you may look here in the
chapter appropriately entitled "Lists and Macros" to verify:
http://www.openbsd.org/faq/pf/macros.html ), so I presume the only other
source is, unfortunately, this most generous list.
TIA,
beno

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Dude,

You really should start _reading_ and _understanding_ what people
tell you.  I think this is the same problem as you raised before.
Please look at those messages for more support.

Now again: read the docs and solve your problem.
If you had read what I wrote, you would notice not only did I read the docs, I even quoted them! It is possible (probable?) that you folks are simply far more advanced than the docs, at least in this case, and aren't even aware that the docs DO NOT answer this question! Why don't you take a look? Why don't you take a look at the doc I quoted? Why don't you read my quotes? How anyone expects me to answer this question with the docs provided, which do not address this question, is beyond me. Perhaps there are other docs of which I am not aware. Trust me, I would prefer to answer these questions by myself than to be brow-beaten by this list. But I need to get a job done, "dude". And the docs *do not* answer the question!!! In fact, as I have pointed out, they even befuddle the problem with curly braces!!!

So, would you mind answering my question?
TIA,
beno