On 17 November 2016 at 11:25, steve kolars <bkf...@gmail.com> wrote: > The 4 lines in between the comments are straight out of several documents, > but when I run "pfctl -nf f-n" these lines are flaged as syntax errors. Any > assistance would be appreciated.
“proto tcp” needs to go after the “on [interface]” parameter. pf.conf(5) could be clearer about the difference between “parameters” (which are optional, but must be written in a particular order), and “additional parameters” (which just need to come after the parameters that aren’t additional). BNF is precise, but not always the nicest.
