On Thu, Dec 08, 2011 at 10:11:19PM +1100, John Tate wrote:
> I have successfully got an OpenBSD machine to connect via ADSL and forward
> packets, I am gradually upgrading my pf.conf. I am having trouble with this
> configuration (ignore some obvious bugs related to table names where tables
> are defined and the rules I have seen them).
What are those obvious bugs? Please describe in detail.
> At the moment I am working on doing some things as tables. I want tables to
> hold the ports, but it appears perhaps they can only hold IP addresses. The
> following tables do not work from line 10-11...
From man pf.conf:
TABLES
Tables are named structures which can hold a collection of addresses and
networks. Lookups against tables in pf(4) are relatively fast, making a
single rule with tables much more efficient, in terms of processor usage
and memory consumption, than a large number of rules which differ only in
IP address (either created explicitly or automatically by rule
expansion).
> table <etcpserv> { 22 }
> table <itcpserv> { 22, 53 }
This is what macros are for:
etcpserv = { 22 }
itcpserv = { 22, 53 }
Other parts of your config use tables correctly. You may want to browse
the PF faq, with http://home.nuug.no/~peter/pf/en/ or the book it spawned
(http://www.nostarch.com/pf2.htm) as a useful supplement.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
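To make the macro-versus-table distinction above concrete, here is an added pf.conf fragment (my own illustration, not from the thread or from the PF book): port lists live in macros, address sets live in tables, and the rules reference both. Interface names, the internal address range and the service choices are assumptions chosen for the example.

```pf
# Added example, not the poster's configuration.
# Interface names are assumptions for the example.
ext_if = "pppoe0"        # ADSL uplink
int_if = "em0"           # LAN side

# Port lists go in macros; a macro is just text substituted into the rules.
etcpserv = "{ 22 }"          # TCP services reachable from the outside
itcpserv = "{ 22, 53 }"      # TCP services reachable from the LAN

# Tables hold addresses and networks only, never ports.
table <internal> { 192.168.1.0/24 }     # constructed example LAN range
table <blocked> persist                 # addresses to drop; managed with pfctl -t

set skip on lo

block all

# Drop anything from addresses listed in the table before any pass rule.
block in quick on $ext_if from <blocked>

pass out on $ext_if inet keep state

# Macro expands to "port { 22 }"; the interface is given in parentheses so
# the rule follows the dynamic ADSL address.
pass in on $ext_if inet proto tcp to ($ext_if) port $etcpserv

# Table restricts the source addresses, macro lists the ports.
pass in on $int_if inet proto tcp from <internal> to ($int_if) port $itcpserv
pass in on $int_if inet proto udp from <internal> to ($int_if) port 53
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; a port inside a `table` definition fails at this step, which is the symptom the poster saw. Table contents can be inspected with `pfctl -t internal -T show`, and entries added to `<blocked>` at run time with `pfctl -t blocked -T add` without reloading the ruleset, which is the property that makes tables preferable to macros for address lists that change.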