From owner-freebsd-pf@FreeBSD.ORG  Tue Jan 17 07:20:04 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 21D0416A41F
	for <freebsd-pf@freebsd.org>; Tue, 17 Jan 2006 07:20:04 +0000 (GMT)
	(envelope-from bill.marquette@gmail.com)
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.201])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A61BE43D55
	for <freebsd-pf@freebsd.org>; Tue, 17 Jan 2006 07:20:03 +0000 (GMT)
	(envelope-from bill.marquette@gmail.com)
Received: by xproxy.gmail.com with SMTP id s9so1010703wxc
	for <freebsd-pf@freebsd.org>; Mon, 16 Jan 2006 23:20:02 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=ObGI8rUUSYMoA90abKQcJzpLpMEMU/olyY6SgaTgd2DCv32+9CIqSghf9A57CaKWK6QiwutaLeDFpwMJ1+MIbp92m39JCFe30iUyq2RlMW7dYQz1xsGXlPcyTzGfN7zF4zzVOW2fcDUqxjeR2P6XtDMeowJVxxDw2vblkKaGevA=
Received: by 10.70.122.14 with SMTP id u14mr8862486wxc;
	Mon, 16 Jan 2006 23:20:02 -0800 (PST)
Received: by 10.70.109.8 with HTTP; Mon, 16 Jan 2006 23:20:02 -0800 (PST)
Message-ID: <55e8a96c0601162320u43488aefqd6bb35c2fe689205@mail.gmail.com>
Date: Tue, 17 Jan 2006 01:20:02 -0600
From: Bill Marquette <bill.marquette@gmail.com>
To: "derth@wbs.co.za" <derth@wbs.co.za>
In-Reply-To: <16246.196.2.148.70.1137479488.squirrel@webmail.wbs.co.za>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <16246.196.2.148.70.1137479488.squirrel@webmail.wbs.co.za>
Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject: Re: PF + PPPoE
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2006 07:20:04 -0000

On 1/17/06, derth@wbs.co.za <derth@wbs.co.za> wrote:
>
>
> >Without the ruleset it's going to be kind of difficult to help.  This
> >does work, which means there's something wrong with your rules.
> >
> >--Bill
>
> My apologies, here is my pf.conf file:
>
> #define Macros
> ext_if =3D "tun0"
> int_if =3D "fxp0"
> tcp_services =3D "22"
> priv_net =3D "{ 127.0.0.0/8, 192.168.0.0/24, 172.16.0.0/12, 10.0.0.0/8 }"
> secure_mail =3D"196.*.*.*"
> tech_net =3D"196.*.*.*/24"
> admin_mweb =3D"196.*.*.*"
> allow_web =3D"{ 196.*.*.*, 196.*.*.*, 196.*.*.*, 196.*.*.*, tun0 }"

Interesting.  After replacing the 196.* addresses with fake addresses,
pfctl parses this just fine on my FreeBSD 6 box.  I did wrap tun0 in
the allow_web macro with paren's but pfctl -nf was happy with the
ruleset before and after and I've got no tun0.  What's the error
you're getting?

--Bill