Pf enabled but some problem.

[Gio01]

Hello to all the FreeBSD community.

I have problems if someone can help me with PF. I successfully installed everything you need for use and work with PF. I have made my own ruleset for PF. But when I start the script it gives errors in lines like that:

/pf/pf.conf:2: syntax error
/pf/pf.conf:4: syntax error
/pf/pf.conf:6: syntax error
/pf/pf.conf:8: macro 'ext_if' not defined
/pf/pf.conf:8: syntax error
/pf/pf.conf:10: macro 'ext_if' not defined
/pf/pf.conf:10: syntax error
/pf/pf.conf:11: macro 'ext_if' not defined
/pf/pf.conf:12: macro 'ext_if' not defined
/pf/pf.conf:13: macro 'ext_if' not defined
/pf/pf.conf:16: syntax error
/pf/pf.conf:17: syntax error
/pf/pf.conf:19: macro 'ext_if' not defined
/pf/pf.conf:19: syntax error
/pf/pf.conf:21: macro 'ext_if' not defined
/pf/pf.conf:21: syntax error
/pf/pf.conf:22: macro 'ext_if' not defineD
/pf/pf.conf:23: macro 'ext_if' not defined
/pf/pf.conf:24: macro 'ext_if' not defined
/pf/pf.conf:25: macro 'ext_if' not defined
/pf/pf.conf:26: macro 'ext_if' not defined
/pf/pf.conf:27: macro 'ext_if' not defined
/pf/pf.conf:28: macro 'ext_if' not defined
/pf/pf.conf:29: macro 'ext_if' not defined
/pf/pf.conf:30: macro 'ext_if' not defined
/pf/pf.conf:31: macro 'ext_if' not defined
/pf/pf.conf:32: macro 'ext_if' not defined
/pf/pf.conf:33: macro 'ext_if' not defined

I don't understand where I'm wrong. I use FREEBSD FreeBSD 8.2 64 BIT. This is the ruleset:

ext_if="re0"

table <spamd-white> persist

set skip on lo

antispoof log for $ext_if

pass in on $ext_if proto tcp to ($ext_if) port 22
pass in log on $ext_if proto tcp to ($ext_if) port 3306
pass out on $ext_if proto tcp from ($ext_if) port 22
pass out on $ext_if proto tcp from ($ext_if) port 3306

webserver_ip="217.23.15.114/24" 
table <abusive_ips> persist file "/pf/pf.block.list" 
block in quick from <abusive_ips>
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 keep state (max-src-conn-rate 10/40, overload <abusive_ips> flush global) 
pass in on $ext_if proto tcp to $webserver_ip port 11000 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 14100 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 12200 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 13100 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 14118 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 13110 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 14110 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 13106 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 14106 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 13107 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 14107 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 13108 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)
pass in on $ext_if proto tcp to $webserver_ip port 14108 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_ips> flush)

 

[wblock@]

There are carriage returns in your pf.conf. Remove them:
# perl -pi.orig -e 's/\r//' /etc/pf.conf

Check whatever editor you used; make sure it's not set to add carriage returns.

 

[Gio01]

Ok, now it works perfectly. Thank you!

In the meantime, I wanted to ask you something: I could protect the mysql from unwanted attacks using PF? These rules are fine for a server web? Thank you.

 

[wblock@]

Best to start a new thread for that, with a title that will attract both PF and MySQL users.

 

[Gio01]

There or another section?
Thank you.

 

[wblock@]

In the firewalls section is appropriate. If not, DutchDaemon will move it.