On Thu, Dec 8, 2011 at 11:00 PM, Peter N. M. Hansteen <[email protected]> wrote:
> On Thu, Dec 08, 2011 at 10:11:19PM +1100, John Tate wrote:
> > I have successfully got an OpenBSD machine to connect via ADSL and forward
> > packets, I am gradually upgrading my pf.conf. I am having trouble with this
> > configuration (ignore some obvious bugs related to table names where tables
> > are defined and the rules I have seen them).
>
> what are those obvious bugs? please describe in detail.
>
Ignore them, that refers to mistakes of mine (the names on the tables
differ from the names in the rules)
>
> > At the moment I am working on doing some things as tables. I want tables to
> > hold the ports, but it appears perhaps they can only hold IP addresses. The
> > following tables do not work from line 10-11...
>
> from man pf.conf:
>
> TABLES
>      Tables are named structures which can hold a collection of addresses and
>      networks. Lookups against tables in pf(4) are relatively fast, making a
>      single rule with tables much more efficient, in terms of processor usage
>      and memory consumption, than a large number of rules which differ only in
>      IP address (either created explicitly or automatically by rule expansion).
>
>
> > table <etcpserv> { 22 }
> > table <itcpserv> { 22, 53 }
>
> this is what macros are for:
>
> etcpserv = "{ 22 }"
> itcpserv = "{ 22, 53 }"
>
> Other parts of your config use tables correctly. You may want to browse
> the PF faq, with http://home.nuug.no/~peter/pf/en/ or the book it spawned
> (http://www.nostarch.com/pf2.htm) as a useful supplement.
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>
>
--
www.johntate.org
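
The table/macro split discussed in this thread, as an added pf.conf fragment that is not taken from either poster's configuration: port lists live in macros, addresses live in a table, and a rule combines the two. The interface name `em1`, the table name `<admins>` and the addresses (documentation ranges) are assumptions made up for the example.

```pf
# Added example; interface, table name and addresses are constructed.
int_if = "em1"                      # assumed internal interface

# Port lists are macros: text substitution, so the braces must be quoted.
# pf expands each list into one rule per port when the ruleset is loaded.
etcpserv = "{ 22 }"
itcpserv = "{ 22, 53 }"

# Tables hold only addresses and networks, never ports.
table <admins> persist { 192.0.2.0/24, 198.51.100.7 }

# Default deny for inbound traffic; the pass rules below open exceptions.
block in all

# Macro supplies the ports, table supplies the permitted source addresses.
pass in on egress  inet proto tcp from <admins>         to (egress)  port $etcpserv
pass in on $int_if inet proto tcp from $int_if:network  to ($int_if) port $itcpserv
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches a port placed in a table or an unquoted macro list before the ruleset goes live.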