Hi there,

First, does there exist a tidy-like syntax checker for the pf.conf file? That would be handy.

I'm writing a new pf.conf, based on Policy Filtering, and running into some problems.

What I'm trying to do is:

rdr on $ext_if proto tcp from !<geoip>, !<spammers>, !<abuse> any \
   port { $tcp_services } tag INET_DMZ -> $server
rdr on $ext_if proto tcp from !<abuse> any \
   port 80 tag INET_DMZ -> $server
rdr on $ext_if proto tcp from !<abuse> any \
   port 443 tag INET_DMZ -> $server

And pfctl complains that there is a syntax error on all of these. I'm trying to set this up, so that IP classes in the named tables are negated and not allowed through, taking the rest and handling accordingly.

I'm certain this is possible, however I've not found many good examples to consult (including the PF Handbook, which does not address negation in these rules).

Thanks.
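A corrected version of the fragment above, added here as an example and not part of the original post. Two things in the posted rules are syntax errors: a source/destination pair always reads `from X to Y`, and the `to` is missing, and several negated tables cannot be listed after `from` without braces. A negated list in braces is legal but does not mean "not in any of these": `from { !<a>, !<b> }` expands to two rules, `from !<a>` and `from !<b>`, which together match everything. The example therefore negates a single table in the `rdr` rule and does the remaining exclusions with positive lists in the filter section, where translation has already happened. The interface name, the server address, the service list and the table files are assumptions.

```pf
# Added example, not from the original post. Assumes the pre-OpenBSD-4.7 /
# FreeBSD "rdr" syntax the post uses. All values below are assumptions.

ext_if       = "em0"                # assumption: external interface
server       = "192.0.2.10"         # assumption: DMZ host (documentation address)
tcp_services = "22, 25, 80, 443"    # assumption: published services

table <geoip>    persist file "/etc/pf/geoip.txt"     # assumption: table sources
table <spammers> persist file "/etc/pf/spammers.txt"
table <abuse>    persist file "/etc/pf/abuse.txt"

# 1. Translation. "from X to Y" is mandatory; the missing "to" is what pfctl
#    rejected. Only one table is negated here; the rest is handled in the
#    filter rules, because "from { !<a>, !<b> }" would expand to
#    "from !<a>" OR "from !<b>" and match every source.
rdr on $ext_if proto tcp from !<abuse> to any port { $tcp_services } \
    tag INET_DMZ -> $server

# 2. Filtering. Translation runs before filtering, so these rules see the
#    already-redirected packet. A positive list expands to one block rule
#    per table, which is the intended "drop anything in any of these".
block in quick on $ext_if from { <geoip>, <spammers>, <abuse> } to any

# 3. Admit only what the rdr rule tagged (policy filtering on the tag).
pass in quick on $ext_if proto tcp from any to $server tagged INET_DMZ \
    flags S/SA keep state
```

To check a candidate file without loading it, which is the closest thing pf has to a tidy-like checker, run `pfctl -nf /path/to/pf.conf`; adding `-v` prints the expanded rule set, which makes list expansion (and the negated-list trap) visible before anything is applied.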
