> set fingerprints /etc/pf.os
> pfctl: /etc/pf.os : No such file or directory
I wonder if the parser sees the second space and assumes that is part of
the filename. I didn't test, but try removing the extra space before the
pathname.
> /etc/pf.conf:24: syntax error
> Here's that line, which the parser doesn't parse, preceded by other lines in
> question:
> shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> directv_ip_addresses="{ 69.19.0.0/17 }"
> shadday_ip_addresses=""
> ssh_ip_addresses= $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses
>
> Now, we've been here before, and I was instructed to write the
> directv_ip_address line just so, but now the parser is throwing another error
> based on that very variable yet again! (I have singled it out through
> experimentation.) What doesn't it like this time?
Did it like it last time? :)
> /etc/pf.conf:68: syntax error
> pass in quick proto tcp from any to any port = ssh flags S/SA keep state
> (source-track rule, max-src-conn 15, max-src-conn-rate 5/3, overload
> <bruteforce> flush global, if-bound, src.track 3)
>
> when the actual lines I wrote are these:
> web_server="202.71.106.119"
> http_ports="80 8080 7080"
> ssh_ports="22"
> ftp_ports="21 8021 7021"
> https_ports="443"
> imap_ssl_ports="993 143"
> all_http_ports= $http_ports $https_ports
> tcp_ports= $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports
> pass in quick inet proto tcp from any to $web_server port $tcp_ports flags
> S/SA keep state \
> (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush
> global)
>
> Here are my questions concerning this much:
> * Why does the parser render "from any to $web_server" as "from any to any"?
> That's not what I specified!
> * Why does the parser render "port $tcp_ports" as "port = ssh"? That's not
> what I specified, either!
If you want to use a list, use the braces { }
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
