https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262295
Bug ID: 262295
Summary: [pf] Tables and anchors
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: security
Severity: Affects Some People
Priority: ---
Component: misc
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
I would like to have a pf.conf similar to the following:
table <bruteforce> persist
block log quick from <bruteforce>
... more rules
anchor "external" on $interface {
... more rules
pass in proto tcp from any to ($interface) port ${tcp_services} keep state \
(max-src-conn 10, max-src-conn-rate 1/4, \
overload <bruteforce> flush global)
... more rules
}
...more anchor/rules
If I try the above, when I load the rules I get:
pfctl: warning: namespace collision with <bruteforce> global table.
I then tried the following in pf.conf:
... some rules
anchor "external" on $interface {
table <bruteforce> persist
block log quick from <bruteforce>
... more rules
pass in proto tcp from any to ($interface) port ${tcp_services} keep state \
(max-src-conn 10, max-src-conn-rate 1/4, \
overload <bruteforce> flush global)
... more rules
}
... more rules
And I got "syntax error" on the line where "table <bruteforce> persist" is and
on the line where the closing bracket of the anchor "external" is.
It is unclear to me whether I am making a mistake, or whether the first and/or the
second should actually work (and I would prefer at least the first to work, if
possible).
(This issue may, or may not, be related to #183198. This forum post
(https://forums.freebsd.org/threads/inline-anchor-table-fail.61116/) also shows
something similar to what I am experiencing.)
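As an added illustration, not code from the reporter or the FreeBSD project, here is a small Python checker for the shape in the first pf.conf above: a <table> referenced inside an inline anchor block while its "table" definition sits at the global scope, which is the situation pfctl reports as a namespace collision. The sample config is constructed from the reporter's rules, with em0 and literal ports standing in for $interface and ${tcp_services}.

```python
import re

# Constructed sample modelled on the first pf.conf in the report: the table is
# defined globally and referenced by an overload inside an inline anchor.
SAMPLE_PF_CONF = """\
table <bruteforce> persist
block log quick from <bruteforce>
anchor "external" on em0 {
  pass in proto tcp from any to (em0) port { 22 443 } keep state \\
    (max-src-conn 10, max-src-conn-rate 1/4, \\
    overload <bruteforce> flush global)
}
"""

TABLE_DEF = re.compile(r'^\s*table\s+<([\w-]+)>')       # table <name> ...
TABLE_REF = re.compile(r'<([\w-]+)>')                    # any <name> use
ANCHOR_OPEN = re.compile(r'^\s*anchor\s+"([^"]+)".*\{\s*$')  # anchor "x" ... {

def join_continuations(text):
    """Yield (logical_line, first_physical_line_no), merging '\\' continuations."""
    out, buf, start = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = no if start is None else start
        if line.endswith('\\'):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        out.append((' '.join(buf).strip(), start))
        buf, start = [], None
    return out

def find_cross_scope_table_refs(text):
    """Return (line_no, table, anchor_path) for every <table> used inside an
    inline anchor block whose 'table' definition is at the global scope."""
    global_tables, anchors, hits = set(), [], []
    for line, no in join_continuations(text):
        if not line or line.startswith('#'):
            continue
        if line == '}':                      # close of an inline anchor block
            if anchors:
                anchors.pop()
            continue
        m = TABLE_DEF.match(line)
        if m and not anchors:                # definition at global scope
            global_tables.add(m.group(1))
            continue
        m = ANCHOR_OPEN.match(line)
        if m:
            anchors.append(m.group(1))
            continue
        if anchors:                          # reference from inside an anchor
            for name in TABLE_REF.findall(line):
                if name in global_tables:
                    hits.append((no, name, '/'.join(anchors)))
    return hits
```

Running find_cross_scope_table_refs(SAMPLE_PF_CONF) points at the continued "pass" rule (starting on physical line 4) inside anchor "external"; the reporter's second variant, with the table defined inside the anchor, is not flagged because no global definition is involved.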