PF syntax error
Vitaliy Vladimirovich
artemrts at ukr.net
Thu Oct 16 06:05:01 UTC 2008
--- Original Message ---
From: Jeremy Chadwick <koitsu at FreeBSD.org>
To: Peter Clark <clarkp at mtmary.edu>
Date: 15 october, 20:27:25
Subject: Re: PF syntax error
On Wed, Oct 15, 2008 at 12:00:50PM -0500, Peter Clark wrote:
> Hello,
>
> I am not sure if I should be here or over at a pf specific list but here
> is my problem.
I've changed the CC list, so this will now go to the freebsd-pf mailing
list instead.
> I am trying my hand at pf on a 7.0-p5 RELEASE box and one rule is giving
> me problems.
>
> pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
>
> (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush
> global)
>
> Actually the "pass in" line does not generate the error. The next line does.
>
> /etc/pf.conf:71: syntax error
> If I remove the line the error goes away (obviously). I have tried using
> the exact line from the FreeBSD pf.conf man page:
>
> (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
>
> (I changed <bad_hosts> to <bruteforce>) and that generates the same
> error. I tried just using:
> (max-src-conn-rate 100/10)
>
> but that too gives me a syntax error.
>
> Any help is appreciated.
If you want to use the stateful tracking options, you should specify the source-track option: source-track rule or source-track global.
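
An added pf.conf fragment, not part of the original thread, showing where the source-track option from the reply sits among the stateful tracking options of the quoted SSH rule. Assumptions: the interface name em0, the explicit keep state keyword in front of the option list, the whole rule kept on continued lines with no blank line after a backslash, and the table and block lines, which the thread does not show.

```conf
# Assumed interface name; the thread only shows the $ext_if macro.
ext_if = "em0"

# Table that the overload option fills with offending source addresses.
table <bruteforce> persist

# Drop everything from hosts that were moved into the table.
block in quick from <bruteforce>

# SSH rule from the thread. The state options follow "keep state" in one
# parenthesised list, and each backslash is immediately followed by the
# continuation line.
#   source-track rule      count connections per source address for this rule
#   max-src-conn 15        at most 15 simultaneous connections per source
#   max-src-conn-rate 5/3  at most 5 new connections per 3 seconds per source
#   overload ... flush global
#                          add the source to <bruteforce> and kill all of
#                          its existing states, whichever rule created them
pass in quick on $ext_if proto tcp from any to any port 22 flags S/SA \
    keep state (source-track rule, max-src-conn 15, \
    max-src-conn-rate 5/3, overload <bruteforce> flush global)
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which reports syntax errors by line number before the rules go live.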