> set fingerprints /etc/pf.os
> pfctl: /etc/pf.os : No such file or directory

I wonder if the parser sees the second space and assumes that is part of the filename. I didn't test, but try removing the extra space before the pathname.

> /etc/pf.conf:24: syntax error
> Here's that line, which the parser doesn't parse, preceded by other lines in
> question:
> shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> directv_ip_addresses="{ 69.19.0.0/17 }"
> shadday_ip_addresses=""
> ssh_ip_addresses= $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses
>
> Now, we've been here before, and I was instructed to write the
> directv_ip_address line just so, but now the parser is throwing another error
> based on that very variable yet again! (I have singled it out through
> experimentation.) What doesn't it like this time? Did it like it last time? :)
> /etc/pf.conf:68: syntax error
> pass in quick proto tcp from any to any port = ssh flags S/SA keep state
> (source-track rule, max-src-conn 15, max-src-conn-rate 5/3, overload
> <bruteforce> flush global, if-bound, src.track 3)
>
> when the actual lines I wrote are these:
> web_server="202.71.106.119"
> http_ports="80 8080 7080"
> ssh_ports="22"
> ftp_ports="21 8021 7021"
> https_ports="443"
> imap_ssl_ports="993 143"
> all_http_ports= $http_ports $https_ports
> tcp_ports= $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports
> pass in quick inet proto tcp from any to $web_server port $tcp_ports flags
> S/SA keep state \
> (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush
> global)
>
> Here are my questions concerning this much:
> * Why does the parser render "from any to $web_server" as "from any to any"?
> That's not what I specified!
> * Why does the parser render "port $tcp_ports" as "port = ssh"? That's not
> what I specified, either!

If you want to use a list, use the braces { }
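
The braces advice above, shown as an added pf.conf fragment that is not part of the original thread. The macro names mirror the ones quoted in the question, `192.0.2.10` is a constructed documentation address, and the quoted-brace idiom for building one list out of other macros is the standard pf.conf one (macros are not expanded inside quotes).

```conf
# Constructed sample values, not the poster's configuration.
web_server  = "192.0.2.10"

# Component macros hold bare, space-separated values.
http_ports  = "80 8080 7080"
https_ports = "443"
ssh_ports   = "22"
ftp_ports   = "21 8021 7021"

# Without braces, the combined macro would expand to a run of bare port
# numbers after "port", which is not a list. The braces go in quotes and
# the macro references stay outside the quotes so they are expanded.
all_http_ports = $http_ports $https_ports
tcp_ports      = "{" $ssh_ports $ftp_ports $all_http_ports "}"

# Table that the overload option fills with offending source addresses.
table <bruteforce> persist

block in quick from <bruteforce>

# $tcp_ports now expands to { 22 21 8021 7021 80 8080 7080 443 }.
pass in quick inet proto tcp from any to $web_server port $tcp_ports \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, so a syntax error in a macro or list shows up before the running ruleset is replaced.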