Hello. I have fatal trap 12 with new pf rules.
http://imglink.ru/show-image.php?id=7f99b9de8bb5333ccfb5256e43f8d0be
Code:
FreeBSD server.local 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #1: Wed Mar 17 18:43:23 MSK 2010
root@server.local:/usr/obj/usr/src/sys/GATE i386
rc.conf
Code:
# LAN
ifconfig_re0="inet 192.168.10.1 netmask 255.255.255.0"
# Akado
ifconfig_stge0="inet 192.168.1.253 netmask 255.255.255.0"
# Yota
ifconfig_stge1="DHCP"
# Bitway
ifconfig_stge2="inet 210.20.10.34 netmask 255.255.255.248"
keymap="ru.koi8-r"
sshd_enable="YES"
zabbix_agentd_enable="YES"
# pf
pf_enable="YES"
pf_rules="/etc/pf.conf.backup"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
# squid
squid_enable="YES"
# dns
named_enable="YES"
# ipfw
firewall_enable="YES"
firewall_type="open"
firewall_logging="YES"
pf.conf
Code:
ext_if_a = "stge0" #akado
ext_gw_a = "192.168.1.1"
ext_if_b = "stge1" #yota
ext_gw_b = "10.116.124.1"
ext_if_c = "stge2" #bitway
ext_gw_c = "210.20.10.33"
int_if = "re0"
set skip on lo0
# Scrub
scrub in
table <usersquid> persist file "/etc/pf/usersofsquid"
table <int_a> persist file "/etc/pf/int_a.conf"
table <int_b> persist file "/etc/pf/int_b.conf"
table <int_c> persist file "/etc/pf/int_c.conf"
# nat
nat on $ext_if_a inet from !(self) -> ($ext_if_a:0)
nat on $ext_if_b inet from !(self) -> ($ext_if_b:0)
nat on $ext_if_c inet from !(self) -> ($ext_if_c:0)
#rdr pass on $int_if proto tcp from $int_if:network to any port 80 -> ($int_if) port 3128
rdr pass on $int_if proto tcp from <usersquid> to any port 80 -> ($int_if) port 3128
#block in all
#block out all
pass in on $ext_if_c proto tcp from any to ($ext_if_c) port 22 flags S/SA keep state
pass in on $ext_if_c reply-to ($ext_if_c $ext_gw_c) proto tcp from any to ($ext_if_c) port 22 flags S/SA keep state
pass in on $int_if route-to ($ext_if_a $ext_gw_a) proto tcp from <int_a> to any flags S/SA keep state
pass in on $int_if route-to ($ext_if_a $ext_gw_a) proto { udp, icmp } from <int_a> to any keep state
pass in on $int_if route-to ($ext_if_b $ext_gw_b) proto tcp from <int_b> to any flags S/SA keep state
pass in on $int_if route-to ($ext_if_b $ext_gw_b) proto { udp, icmp } from <int_b> to any keep state
pass in on $int_if route-to ($ext_if_c $ext_gw_c) proto tcp from <int_c> to any flags S/SA keep state
pass in on $int_if route-to ($ext_if_c $ext_gw_c) proto { udp, icmp } from <int_c> to any keep state
pass in on $int_if proto tcp from $int_if:network to ($int_if) flags S/SA keep state
pass in on $int_if proto { udp, icmp } from $int_if:network to ($int_if) keep state
pass out on $int_if proto tcp from ($int_if) to $int_if:network flags S/SA keep state
pass out on $int_if proto { udp, icmp } from ($int_if) to $int_if:network keep state
pass out on $ext_if_a proto tcp from <int_a> to any flags S/SA keep state
pass out on $ext_if_a proto { udp, icmp } from <int_a> to any keep state
pass out on $ext_if_b proto tcp from <int_b> to any flags S/SA keep state
pass out on $ext_if_b proto { udp, icmp } from <int_b> to any keep state
pass out on $ext_if_c proto tcp from <int_c> to any flags S/SA keep state
pass out on $ext_if_c proto { udp, icmp } from <int_c> to any keep state
pass out on $ext_if_a proto tcp from self to any flags S/SA keep state
pass out on $ext_if_a proto { udp, icmp } from self to any keep state
For 1 week it worked perfectly.
Later, when I apply a new pf.conf, I get fatal trap 12.
Other configs work fine.