Hello, Trying to load any rules (even the /usr/share/pf/ examples), I get the error about enabling table loading for optimizations, and the rules get ignored. Is anybody able to gently apply a cluestick as to what table loading it is talking about?
# uname -a
OpenBSD gooner.mynet.net 4.1 GENERIC#10 i386
# pfctl -Rf /etc/pf.conf
pfctl: Must enable table loading for optimizations
# cat /etc/pf.conf
# macros
ext_if="re0"
int_if="bge0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
#comp3="192.168.0.3"
# options
set block-policy drop
set loginterface $ext_if
set skip on lo
# scrub
scrub in
# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr on $ext_if proto tcp from any to any port 80 -> $comp3
# filter rules
block in
pass out
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass quick on $int_if no state
# pfctl -s nat
nat on re0 from ! (re0) to any -> (re0:0)
rdr pass on re0 inet proto tcp from any to (re0:0) port = 64831 -> 10.254.1.40 port 64831
rdr pass on re0 inet proto udp from any to (re0:0) port = 64831 -> 10.254.1.40 port 64831
# pfctl -s rules
scrub in all fragment reassemble
#