Problem with PF ruleset

D

DXT

When i try to
Code: 
 pftcl -f /etc/pf.conf
it returns the follow:


With this ruleset:
Code: 
ext_if = "ep0" # macro for external interface - use tun0 for PPPoE
int_if = "ep1" # macro for internal interface
localnet = $int_if:network
# ext_if IP address could be dynamic, hence ($ext_if)
match out on $ext_if from $localnet nat-to ($ext_if)
block all
pass inet proto tcp from { self, $localnet }
says Syntax incorrect

And with this other
Code: 
ext_if = "ep0" # macro for external interface - use tun0 for PPPoE
int_if = "ep1" # macro for internal interface
localnet = $int_if:network
# ext_if IP address could be dynamic, hence ($ext_if)
nat on $ext_if from $localnet to any -> ($ext_if)
block all
pass inet proto tcp from { self, $localnet }
Rules must be in order

if someone can help me with this
 
You need to use the latter NAT form and not the former. nat-to is the newer OpenBSD syntax.

Your latter rules look ok. Maybe the problem is that you're not clearing the old ruleset? Try adding -F rules to your pfctl() command.
 
You must log in or register to reply here.
Back
Top