PF syntax error

Ermal Luçi ermal.luci at gmail.com
Wed Oct 15 21:18:22 UTC 2008


On Wed, Oct 15, 2008 at 11:04 PM, Jon Radel <jon at radel.com> wrote:
> Ermal Luçi wrote:
>> On Wed, Oct 15, 2008 at 10:27 PM, Jeremy Chadwick <koitsu at freebsd.org> wrote:
>>> On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote:
>>>> Hello,
>>>>
>>>> I am not sure if I should be here or over at a pf specific list but here
>>>> is my problem.
>>> I've changed the CC list, so this will now go to the freebsd-pf mailing
>>> list instead.
>>>
>>>> I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving
>>>> me problems.
>>>>
>>>> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>>>>
>>>>  (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush
>>>> global)
>>
>> Is it a copy-paste error, or did you forget keep state in there?
>> It should look like
>> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>> keep state (max-src-conn 15, max-src-conn-rate 5/3, overload
>> <bruteforce> flush global)
>
> And here I thought "keep state" was the default in the pf shipped with
> FreeBSD 7.0....

Well, it's just code that tries to be smart if it finds a syntax of the form
pass in quick on $ext_if proto tcp from any to any port 22

other than that, it needs to be certain that you meant what you meant.
>
> Actually, it is, as is "flags S/SA" on TCP connections.  Those defaults
> came in with the PF from OpenBSD 4.1, which is what is used in FreeBSD 7.0.
>
> --Jon Radel
>
>

-- 
Ermal
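For readers landing on this thread from a search, here is the complete pf.conf fragment that the rule under discussion belongs to, written out the way the reply says the parser expects it, with the "keep state" keyword in front of the parenthesised state options. This is an added example, not code from the thread or from FreeBSD's own documentation; the interface name, the table name and the port are assumptions.

```pf
# Added example (not from the thread). $ext_if, the table name and the port
# are assumptions; adjust them to the host.
ext_if = "em0"

# Sources that exceed the limits below are added to this table by the
# "overload" option. "persist" keeps the table even when no rule references
# it, so entries survive a ruleset reload that temporarily drops the rule.
table <bruteforce> persist

# Block offenders before the pass rule gets a chance to create state.
# "quick" stops evaluation here for anything already in the table.
block in quick on $ext_if from <bruteforce>

# The rule from the thread. The parenthesised options are state options,
# so they need the "keep state" keyword (or modulate/synproxy state) in
# front of them; on this pf, "keep state" and "flags S/SA" are only filled
# in for a rule that carries no explicit state option block at all.
#
#   max-src-conn 15        at most 15 concurrent states from one source
#   max-src-conn-rate 5/3  at most 5 new connections per 3 seconds
#   overload <bruteforce>  a source breaching either limit is put in the table
#   flush global           ... and every state it owns, from any rule, is killed
pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
    keep state (max-src-conn 15, max-src-conn-rate 5/3, \
                overload <bruteforce> flush global)
```

Check the file without loading it with "pfctl -nf /etc/pf.conf" (that is the step that surfaces the syntax error from the original post), then load it with "pfctl -f /etc/pf.conf". Watch the table fill with "pfctl -t bruteforce -T show", remove a single address with "pfctl -t bruteforce -T delete <addr>", and age entries out periodically, for example from cron, with "pfctl -t bruteforce -T expire 86400", since nothing in the ruleset removes them on its own. Two caveats a practitioner will want: pf counts connections per source address, so a NAT gateway in front of many users is one "source" and can trip max-src-conn 15 legitimately, and "flush global" also kills that source's unrelated states, so exempt your management hosts with an earlier pass rule before you rely on this.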