Thanks for your reply.

I think you may be correct - I have been mulling over my syntax, but haven't found the problem yet (I just converted to PF from ipfw2).

Here is what I'm using for the tables:

block in quick on $ext_if proto { tcp, udp } from { <table1>, <table2> } \
   to $ext_if:network port 25

I wonder if this should be written differently.

I initially had "block in quick on $ext_if from" but it complained until I put the proto statement in there.



Thanks.



Daniel Hartmeier wrote:
On Tue, Nov 29, 2005 at 01:24:04AM -0500, Forrest Aldrich wrote:

> Is it not valid to specify in a file based table:
> 
> 11.22.33.0/24
> 
> using slash notation?
> 
> I looked at the PF page, and it seems ambiguous about whether this is valid or not.

It's valid:

  # cat file
  1.2.3.4
  11.22.33.0/24
  5.6.7.8

  # pfctl -t foo -Tr -f file
  1 table created.
  3 addresses added.

  # pfctl -t foo -Ts
     1.2.3.4
     5.6.7.8
     11.22.33.0/24

  # pfctl -t foo -vTt 11.22.33.44
  1/1 addresses match.
  M  11.22.33.44

> I'm guessing not, since I just created a GeoIP table (file-based) which has slash notation in it, and I'm getting spam hits from one of the networks already/still.

Then something else is wrong, either the rule using the table doesn't
match (for some other reason than the table not matching), or another
rule is the last matching rule for that connection. Either way, the CIDR
notation in the table is not the problem.

Daniel
_______________________________________________
freebsd-pf mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf