Hi all,
can anyone tell me what's wrong in line 26?
I get the mentioned error when starting pf:
Code:
pf.conf:26: rule expands to no valid combination
I used this config for years and now migrated from DigitalOcean to AWS with FreeBSD 13.1.
Every hint appreciated.
Kind regards,
Martin
Code:
1 # Set external interface to the public interface
2 # on AMS mostly ena0
3 ext_if = "ena0"
4
5 # Setup the default behaviour
6 # block-policy can be either [return || drop]
7 # scrub in stitches packets together, before handling
8 # skip on loopback interfaces (group lo)
9 set block-policy return
10 scrub in on $ext_if all fragment reassemble
11 set skip on lo
12
13 # NAT for jails, so that outgoing communication from jails is forwarded
14 # rdr anchor for dynamic jail rdr config. This should not be used,
15 # as in this setup haproxy takes over the role to proxy traffic to the haproxy jail
16 table <jails> persist
17 nat on $ext_if from <jails> to any -> ($ext_if:0)
18 rdr-anchor "rdr/*"
19
20 # RULES
21 block all
22 pass proto icmp all
23 pass proto ipv6-icmp all
24 pass out quick keep state
25 antispoof for $ext_if inet
26 antispoof for $ext_if inet6
27 pass in inet proto tcp from any to any port { 22, 80, 443 } flags S/SA modulate state
28 pass in inet6 proto tcp from any to any port { 80, 443 } flags S/SA modulate state
29