Hi all,
I've spent the past couple of days dealing with pf as it won't load the rulesets in pf.conf(5). I'm not sure why pfctl(8) complains about blank lines, since blank lines and comments should be ignored. Anyway, below is my pf.conf(5) file as it is right now, and I hope someone can shed some light on this issue or perhaps see something I'm failing to.
P.S.: First, I used editors/nano to create it, then tried editors/leafpad hoping it's something to do with spaces, but no luck.
Thank You,
Code:
#
# UNAME = FreeBSD-10.1-STABLE
# ARCH = x86_64(AMD64/Intel 64)
# KERNEL = GENERIC
# PF SETTINGS = DESKTOP
# STATUS = RULES NOT LOADING - SYNTAX ERRORS ON LINES 20 & 28
# LINE 20: EMPTY!?
# LINE 28: EMPTY!?
######################### MACROS #########################
ext_if="igb0"
#int_if=""
broken="224.0.0.22 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, \
169.254.0.0/16, 0.0.0.0/8, 240.0.0.0/4, 255.255.255.255/32"
######################### TABLES #########################
#table <spamd-white> persist
//LINE 20\\
######################### OPTIONS #########################
set loginterface $ext_if
set timeout interval
set ruleset-optimization basic
set optimization normal
set block-policy drop
set skip on lo0
//LINE 28\\
######################### TRAFFIC NORMALIZATION #########################
antispoof quick for ($ext_if)
match in all scrub (no-df max-mss 1440)
#scrub in $ext_if all fragment reassemble
######################### TRANSLATION #########################
#nat-anchor "ftp-proxy/*"
#rdr-anchor "ftp-proxy/*"
#nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
# -> 127.0.0.1 port spamd
######################### PACKET FILTERING #########################
#anchor "ftp-proxy/*"
block out quick inet6 all
block in quick inet6 all
block in quick from { $broken urpf-failed no-route } to any
block in all
pass out quick on $ext_if inet keep state
#pass quick on $int_if no state
#antispoof quick for { lo $int_if }
#pass in on $ext_if proto tcp to ($ext_if) port ssh
#pass in log on $ext_if proto tcp to ($ext_if) port smtp
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp
#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }
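A small pre-load checker for this kind of file, added here as an example; it is not part of the post above and not code from pf or pfctl. It joins backslash-continued lines into logical statements while recording the physical line range each one covers, so a line number taken from a pfctl error message can be read together with the whole statement it falls inside; it flags a backslash followed by trailing whitespace (the editor concern raised in the P.S.), reports references to macros that were never defined, and validates IPv4 address tokens inside macro values. The embedded `SAMPLE` config is constructed for the demo, with one deliberate bad address and one undefined macro; it is not the poster's file. The authoritative syntax check remains `pfctl -nf /etc/pf.conf`, which parses the rules without loading them.

```python
"""Pre-load lint helper for a pf.conf file (added example, not pf's own code).

It is a reading aid for pfctl's error output, not a pf parser: the real check
is `pfctl -nf <file>`.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# (joined statement text, first physical line, last physical line)
Statement = Tuple[str, int, int]

MACRO_DEF = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"?(.*?)"?\s*$')
MACRO_REF = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)')
ADDR_LIKE = re.compile(r'^\d+\.\d+\.\d+\.\d+(/\d+)?$')

# Constructed sample shaped like the posted file: a macro continued across two
# lines (with trailing whitespace after the backslash on line 3), one bad
# address, and a reference to a macro that is never defined.
SAMPLE = (
    '# constructed sample, not the posted pf.conf\n'
    'ext_if="igb0"\n'
    'broken="224.0.0.22 127.0.0.0/8, 192.168.0.0/16, \\ \n'
    '10.0.0.0/8, 300.0.0.1/8"\n'
    '\n'
    'set skip on lo0\n'
    'block in quick from { $broken urpf-failed no-route } to any\n'
    'pass quick on $int_if no state\n'
)


def join_continuations(text: str) -> Tuple[List[Statement], List[str]]:
    """Join backslash-continued lines; return statements plus warnings."""
    statements: List[Statement] = []
    warnings: List[str] = []
    buf: List[str] = []
    start = 1
    lineno = 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not buf:
            start = lineno
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            # A continuation backslash should be the last character; trailing
            # whitespace after it is a classic editor artefact worth reporting.
            if raw != stripped:
                warnings.append(f"line {lineno}: backslash followed by trailing whitespace")
            buf.append(stripped[:-1].strip())
            continue
        buf.append(raw.strip())
        statements.append((" ".join(p for p in buf if p), start, lineno))
        buf = []
    if buf:  # file ended while a continuation was still open
        warnings.append(f"line {start}: continuation runs to end of file")
        statements.append((" ".join(p for p in buf if p), start, lineno))
    return statements, warnings


def statement_at(statements: List[Statement], lineno: int) -> Optional[Statement]:
    """Map a line number from a pfctl error to the statement spanning it."""
    for stmt in statements:
        if stmt[1] <= lineno <= stmt[2]:
            return stmt
    return None


def lint(text: str) -> List[str]:
    """Cheap sanity checks: undefined macros and malformed IPv4 tokens."""
    statements, problems = join_continuations(text)
    macros: Dict[str, str] = {}
    for body, first, last in statements:
        where = f"line {first}" if first == last else f"lines {first}-{last}"
        if not body or body.startswith("#"):
            continue  # blank lines and comments carry no rule text
        m = MACRO_DEF.match(body)
        if m:
            name, value = m.group(1), m.group(2)
            macros[name] = value
            for tok in re.split(r'[\s,]+', value):
                if ADDR_LIKE.match(tok):
                    try:
                        ipaddress.ip_network(tok, strict=False)
                    except ValueError:
                        problems.append(f"{where}: macro {name}: bad address {tok!r}")
            continue
        for ref in MACRO_REF.findall(body):
            if ref not in macros:
                problems.append(f"{where}: undefined macro ${ref}")
    return problems


if __name__ == "__main__":
    for msg in lint(SAMPLE):
        print(msg)
    stmts, _ = join_continuations(SAMPLE)
    print("statement covering line 4:", statement_at(stmts, 4))
```

Run it against a real file with `lint(open("/etc/pf.conf").read())`; when pfctl reports a line, `statement_at` shows the full logical statement that line belongs to, which is where to look when the reported line looks empty or uninteresting on its own.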