From: Vasily Ivanov
Organization: Academ.org
To: freebsd-pf@freebsd.org
Date: Wed, 23 May 2007 12:06:50 +0700
Subject: source limiting NATed connections
Message-Id: <200705231206.50584.freebsdpf@academ.org>

Hi!

I am using PF on my external gateway, and wondering if it is possible to source limit state entries created by nat rules. When I try to put a rule like this:

"nat on $ext_if from $private_net to any -> $nat_addr (source-track rule, max-src-states 10)"

into pf.conf I get a "syntax error" message.

There're no other rules besides firewalling the gateway itself in pf.conf.

Thanks a lot.

--
Vasily Ivanov