Variable parsing difference between OpenBSD and FreeBSD?

Forrest Aldrich forrie at forrie.com
Wed Nov 30 00:00:47 GMT 2005


Sorry, I meant to say that I'm not using "netris" (that was just an 
example).

The filters "fail" in that only traffic for imap and possibly smtp got 
through; the rest did not. I wasn't able to figure out "why" in that 
case, as it works fine now that I have added the commas.



Daniel Hartmeier wrote:
> On Tue, Nov 29, 2005 at 06:48:37PM -0500, Forrest Aldrich wrote:
>
>   
>> Yes, it was the only variable that I changed.  Once I added the commas, 
>> it works like a charm.
>>
>> But see my previous post - maybe there's a connection.  Where I can't 
>> get to my public address via the private net (I have my pf.conf posted, 
>> pre-comma addition).
>>     
>
> Well, "it fails" is not a very precise description. Does pfctl refuse to
> load the ruleset and produce an error message? If so, please provide the
> precise error message it prints.
>
> For instance, if I use the symbolic port name "netris" from the OpenBSD
> example (which isn't in FreeBSD's /etc/services), I get
>
>   # pfctl -nvf /etc/pf.conf
>   tcp_services = "imap imaps http netris"
>   /etc/pf.conf:3: unknown port netris
>
>   # cat -n /etc/pf.conf | grep -B 1 -A 1 '^ * 3'
>        2  rdr pass on gem0 inet proto tcp from any to 10.1.1.60 \
>        3    port { $tcp_services } -> 10.1.1.60
>
> If it's not a syntax problem pfctl complains about, please explain how
> "it fails", i.e. what you expect it to do and what you observe it doing
> that differs from expectations. I can't imagine how the commas make a
> semantic (but not a syntactic) difference.
>
> Daniel
>   
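
The "unknown port" failure in the quoted pfctl output can be caught before a ruleset is loaded. The script below is an added example, not part of the original messages: a shell helper that lists the symbolic port names in a macro value which a services file does not define. The names `sample_services` and `unknown_ports` and the sample entries are constructed for illustration, and reading the file directly only approximates the lookup pfctl performs.

```sh
#!/bin/sh
# Added example (not from the thread): list the symbolic port names in a pf
# macro value that a services database cannot resolve.

# Constructed sample in /etc/services format; "netris" is deliberately absent,
# matching the FreeBSD case described in the quoted reply.
sample_services() {
    cat <<'EOF'
smtp     25/tcp   mail         # constructed sample entries
http     80/tcp   www www-http
imap    143/tcp   imap2 imap4
imap    143/udp   imap2 imap4
imaps   993/tcp
EOF
}

# unknown_ports VALUE [PROTO] [SERVICES_FILE]
# Prints one unresolved name per line; prints nothing if every name resolves.
unknown_ports() {
    value=$1 proto=${2:-tcp} services=${3:-/etc/services}
    # Assumption of this helper: items may be separated by commas or blanks,
    # and braces may be present, so all three are treated as separators.
    for name in $(printf '%s\n' "$value" | tr '{},' '   '); do
        case $name in
            *[!0-9:]*) ;;        # has a non-digit: symbolic name, look it up
            *) continue ;;       # numeric port or range such as 6000:6010
        esac
        awk -v n="$name" -v p="$proto" '
            { sub(/#.*/, "") }                       # drop comments
            NF >= 2 && $2 ~ ("/" p "$") {            # entry for this protocol
                for (i = 1; i <= NF; i++)            # official name or alias
                    if (i != 2 && $i == n) found = 1
            }
            END { exit !found }' "$services" || printf '%s\n' "$name"
    done
}

# Demo on the macro value quoted in the thread, against the constructed sample.
tmp=$(mktemp) && sample_services > "$tmp"
unknown_ports "imap imaps http netris" tcp "$tmp"    # prints: netris
rm -f "$tmp"
```

Run against the real /etc/services by omitting the third argument; an empty result means every symbolic name in the value has an entry for that protocol.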

