• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solved PF - rule expands to no valid combination

Mayhem30

Well-Known Member

Thanks: 13
Messages: 299

#1
Could someone please explain what I am doing wrong here?

Simply changing "inet" to "inet6" and the rule is no longer accepted - I receive a "rule expands to no valid combination" error.
Code:
# block ssh scanners
pass in quick log on $EXT_IF inet6 proto tcp from any to $SERVER port $SSH \
        flags S/UAPRSF modulate state \
        (max-src-conn-rate 3/30, overload <blacklist> flush global)
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,508
Messages: 25,688

#4
So, the variable expands to an IPv4 address and the rule was made for IPv6 (inet6). Hence the error.