Solved PF - rule expands to no valid combination

Mayhem30

Well-Known Member

Thanks: 17
Messages: 333

#1
Could someone please explain what I am doing wrong here?

Simply changing "inet" to "inet6" and the rule is no longer accepted - I receive a "rule expands to no valid combination" error.
Code:
# block ssh scanners
pass in quick log on $EXT_IF inet6 proto tcp from any to $SERVER port $SSH \
        flags S/UAPRSF modulate state \
        (max-src-conn-rate 3/30, overload <blacklist> flush global)
 

SirDice

Administrator
Staff member
Moderator

Thanks: 6,231
Messages: 27,212

#4
So, the variable expands to an IPv4 address and the rule was made for IPv6 (inet6). Hence the error.
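
The mismatch described in this thread, written out as a pf.conf fragment. This is an added example, not part of the original posts: the macro values and the SERVER6 macro are assumptions (documentation-range addresses), since the thread does not show how $EXT_IF, $SERVER or $SSH were defined.

```pf
# Constructed values (assumptions, not from the thread); addresses are
# taken from the documentation ranges.
EXT_IF  = "em0"
SERVER  = "192.0.2.10"      # IPv4 address
SERVER6 = "2001:db8::10"    # hypothetical macro: IPv6 address of the same host
SSH     = "22"

table <blacklist> persist

# Drop sources that the overload option has already put in the table.
block in quick on $EXT_IF from <blacklist>

# Rejected: inet6 limits the rule to IPv6, but $SERVER expands to an IPv4
# address, so no address family satisfies both and pfctl reports
# "rule expands to no valid combination".
# pass in quick log on $EXT_IF inet6 proto tcp from any to $SERVER port $SSH \
#         flags S/UAPRSF modulate state \
#         (max-src-conn-rate 3/30, overload <blacklist> flush global)

# Accepted: each address family gets a destination of the same family,
# so SSH over IPv6 is rate-limited the same way as SSH over IPv4.
pass in quick log on $EXT_IF inet proto tcp from any to $SERVER port $SSH \
        flags S/UAPRSF modulate state \
        (max-src-conn-rate 3/30, overload <blacklist> flush global)
pass in quick log on $EXT_IF inet6 proto tcp from any to $SERVER6 port $SSH \
        flags S/UAPRSF modulate state \
        (max-src-conn-rate 3/30, overload <blacklist> flush global)
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which surfaces this error before a reload.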
 