FreeBSD 7.1-PRERELEASE Trouble
Jeremy Chadwick
koitsu at FreeBSD.org
Mon Sep 8 16:22:30 UTC 2008
On Mon, Sep 08, 2008 at 05:45:44PM +0200, Jille wrote:
> Dmitry Rybin wrote:
> > PF doesn't block some IP!!!!
> >
> > === pf.conf ===
> >
> > ext_if="bge0"
> > table <dnsflood> { 78.107.71.38 89.179.195.34 }
>
> Afaik you need to separate them with a comma (,)
This is incorrect. You can use a comma or a space, as the BNF grammar
in pf.conf specifies. Here's the grammar break-down, one step at a
time:
line = ( option | pf-rule | nat-rule | binat-rule | rdr-rule |
antispoof-rule | altq-rule | queue-rule | trans-anchors |
anchor-rule | anchor-close | load-anchor | table-rule | )
table-rule = "table" "<" string ">" [ tableopts-list ]
tableopts-list = tableopts-list tableopts | tableopts
tableopts = "persist" | "const" | "file" string |
"{" [ tableaddr-list ] "}"
tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec
Note in tableaddr-list the string: [ "," ]. This means the comma is
optional between items within the braces.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-pf
mailing list