PF syntax error
Hello,

I am not sure if I should be here or over at a pf specific list but here is my problem. I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving me problems.

pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
    (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)

Actually the pass in line does not generate the error. The next line does.

/etc/pf.conf:71: syntax error

If I remove the line the error goes away (obviously). I have tried using the exact line from the FreeBSD pf.conf man page:

(max-src-conn-rate 100/10, overload <bad_hosts> flush global)

(I changed bad_hosts to bruteforce) and that generates the same error. I tried just using:

(max-src-conn-rate 100/10)

but that too gives me a syntax error. Any help is appreciated.

Peter Clark
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PF syntax error
On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote:
> Hello,
>
> I am not sure if I should be here or over at a pf specific list but here is my problem. I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving me problems.
>
> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>     (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
>
> Actually the pass in line does not generate the error. The next line does.
>
> /etc/pf.conf:71: syntax error
>
> If I remove the line the error goes away (obviously). I have tried using the exact line from the FreeBSD pf.conf man page:
>
> (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
>
> (I changed bad_hosts to bruteforce) and that generates the same error. I tried just using:
>
> (max-src-conn-rate 100/10)
>
> but that too gives me a syntax error. Any help is appreciated.
>
> Peter Clark

The problem seems to be that your rule doesn't have keep state in it. I think this is a bug, since state is kept by default in FreeBSD 7.0.

Erik
Re: PF syntax error
Hello,

I have in my pf.conf:

pass in proto tcp from !<ABUSERS> to any port www flags S/SA synproxy state \
    (max-src-conn 20, max-src-conn-rate 30/60, overload <ABUSERS> flush global)

and it seems to work just fine...

Regards,
Yury.

On Wed, Oct 15, 2008 at 7:00 PM, Peter Clark [EMAIL PROTECTED] wrote:
> Hello,
>
> I am not sure if I should be here or over at a pf specific list but here is my problem. I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving me problems.
>
> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>     (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
>
> Actually the pass in line does not generate the error. The next line does.
>
> /etc/pf.conf:71: syntax error
>
> If I remove the line the error goes away (obviously). I have tried using the exact line from the FreeBSD pf.conf man page:
>
> (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
>
> (I changed bad_hosts to bruteforce) and that generates the same error. I tried just using:
>
> (max-src-conn-rate 100/10)
>
> but that too gives me a syntax error. Any help is appreciated.
>
> Peter Clark
Re: PF syntax error
Yury Michurin wrote:
> Hello,
>
> I have in my pf.conf:
>
> pass in proto tcp from !<ABUSERS> to any port www flags S/SA synproxy state \
>     (max-src-conn 20, max-src-conn-rate 30/60, overload <ABUSERS> flush global)
>
> and it seems to work just fine...
>
> Regards,
> Yury.
>
> On Wed, Oct 15, 2008 at 7:00 PM, Peter Clark [EMAIL PROTECTED] wrote:
>> Hello,
>>
>> I am not sure if I should be here or over at a pf specific list but here is my problem. I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving me problems.
>>
>> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>>     (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
>>
>> Actually the pass in line does not generate the error. The next line does.
>>
>> /etc/pf.conf:71: syntax error
>>
>> If I remove the line the error goes away (obviously). I have tried using the exact line from the FreeBSD pf.conf man page:
>>
>> (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
>>
>> (I changed bad_hosts to bruteforce) and that generates the same error. I tried just using:
>>
>> (max-src-conn-rate 100/10)
>>
>> but that too gives me a syntax error. Any help is appreciated.
>>
>> Peter Clark

It is because I do not have a keep state directive in mine. I took it out because the pf 4.1 default is flags S/SA keep state. Yours works because you have the synproxy state directive.

Thanks,
Peter Clark
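The resolution above in one self-contained pf.conf fragment. This is an added example, not a rule set posted by anyone in the thread: the interface name em0 is an assumption, the table name is the thread's bruteforce, and the rule that fails to parse is shown commented out beside the form that parses. The parenthesised state options (max-src-conn, max-src-conn-rate, overload ... flush) are grammatically part of the keep state / modulate state / synproxy state clause, so they need one of those keywords to attach to even though pf keeps state by default when none is written.

```pf
# Added example (not from the thread). Assumption: the external interface is em0.
ext_if = "em0"

# Table the overload clause fills with offending source addresses.
# "persist" keeps the table around even when no rule currently references it.
table <bruteforce> persist

# Addresses already in the table are dropped before the SSH pass rule is reached;
# both rules use "quick", so order decides which one wins.
block in quick on $ext_if from <bruteforce>

# This is the rule from the thread that produces "syntax error": the options in
# parentheses have no state keyword to bind to.
# pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
#     (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)

# Same rule with "keep state" spelled out, which the options attach to:
#   max-src-conn 15        at most 15 simultaneous connections per source
#   max-src-conn-rate 5/3  more than 5 new connections in 3 seconds triggers overload
#   overload <bruteforce>  the source address is added to the table
#   flush global           every state from that source is killed, not just SSH ones
pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
```

Check the file without loading it with `pfctl -nf /etc/pf.conf`; a bad rule is reported with its line number, which is the form of the error in the thread. Once the rules are loaded, `pfctl -t bruteforce -T show` lists the addresses overload has collected and `pfctl -t bruteforce -T flush` empties the table again. Yury's rule works for the same reason: synproxy state is a state keyword, so his options have something to attach to.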