Date:      Thu, 16 Oct 2008 09:04:57 +0300
From:      "Vitaliy Vladimirovich" <artemrts@ukr.net>
To:        Jeremy Chadwick <koitsu@FreeBSD.org>
Cc:        Peter Clark <clarkp@mtmary.edu>, freebsd-pf@freebsd.org
Subject:   Re[2]: PF syntax error
Message-ID:  <E1KqLyj-000826-Od@ffe5.ukr.net>
In-Reply-To: <20081015202725.GA88225@icarus.home.lan>


  
--- Original Message ---  
From: Jeremy Chadwick <koitsu@FreeBSD.org>  
To: Peter Clark <clarkp@mtmary.edu>  
Date: 15 october, 20:27:25  
Subject: Re: PF syntax error  
  
  On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote:  
> Hello,  
>  
> I am not sure if I should be here or over at a pf specific list but here  
> is my problem.  
  
I've changed the CC list, so this will now go to the freebsd-pf mailing  
list instead.  
  
> I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving  
> me problems.  
>  
> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \  
>  
> (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush  
> global)  
>  
> Actually the "pass in" line does not generate the error. The next line does.  
>  
> /etc/pf.conf:71: syntax error  
> If I remove the line the error goes away (obviously). I have tried using  
> the exact line from the FreeBSD pf.conf man page:  
>  
> (max-src-conn-rate 100/10, overload <bad_hosts> flush global)  
>  
> (I changed <bad_hosts> to <bruteforce>) and that generates the same  
> error. I tried just using:  
> (max-src-conn-rate 100/10)  
>  
> but that too gives me a syntax error.  
>  
> Any help is appreciated.    
  
If you want to use the stateful tracking options, you should specify the source-track option: source-track rule or source-track global.  
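
The rule from this thread written in the form pf.conf(5) documents, as an added example that is not from either poster: the stateful tracking options go in parentheses after `keep state`, and `source-track rule` is the option named in the reply. The interface name `em0` is an assumed value.

```pf
# Added example, not taken from the thread.
ext_if = "em0"                      # assumed interface name

# Table that the overload action fills; persist keeps it when empty.
table <bruteforce> persist

# Drop traffic from hosts that were moved into the table.
block in quick on $ext_if from <bruteforce>

# Stateful tracking options sit in parentheses directly after
# "keep state". A backslash must be the last character on its line,
# and the continuation must follow on the very next line.
pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
    keep state (source-track rule, max-src-conn 15, \
    max-src-conn-rate 5/3, overload <bruteforce> flush global)
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -t bruteforce -T show` lists the addresses the overload action has added.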
   


