PF syntax error

Hi there,
When I try to reload my pf rules it comes up with a syntax error and I can't work out what the issue is. I have removed a number of lines trying to work out what the issue is.

Code:
int_if  = "re1"
ext_if = "re0"

vpnIPs = "{ 172.16.0.0/24 }"

tcp_allow  = "{ 22002 53 1723 80 443 25 587 143 113 993 995 20000 }"

udp_allow  = "{ 53 }"

proto_allow  = "{ gre }"

table <baddudes> persist
table <trusted> { x.x.x.230 }

set skip on lo
set skip on re1

set timeout interval 10
set timeout frag 30
set timeout tcp.established 14400
set timeout tcp.closing 300
set timeout tcp.finwait 30
set timeout tcp.closed 30
set limit { frags 5000, src-nodes 15000, states 20000, table-entries 150000 }


block in log on $ext_if

pass proto icmp6 all
pass proto icmp all

pass in quick on $ext_if proto tcp from <trusted> to any port 22002 flags any

block in on $ext_if from <baddudes> to any

pass in on $ext_if inet proto udp to any port 33400:33490
pass in on $ext_if inet6 proto udp to any port 33400:33490


pass in on $ext_if inet proto tcp to port $tcp_allow
pass in on $ext_if inet6 proto tcp to port $tcp_allow

pass in on re0 inet proto udp from any to any port 53

pass out on $ext_if from $vpnIPs to any nat-to ($ext_if)
pass out on $ext_if proto { tcp udp icmp } all modulate state
However, when I do the following I get the syntax error, which is the DNS UDP line, which I can't see an issue with.
Code:
service pf reload
Reloading pf rules.
/etc/pf.conf:53: syntax error

Does anyone have any ideas?
Thanks in advance for your time.
 
Filtering rules do not support nat-to on FreeBSD — that is OpenBSD 5.x PF syntax. pass out on $ext_if from $vpnIPs to any nat-to ($ext_if) is invalid syntax.

See "TRANSLATION EXAMPLES" in pf.conf(5) for your version of FreeBSD for documentation and examples of nat configuration. The FreeBSD syntax is inherited from OpenBSD 4.x, although may well no longer be identical.
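As an added example, not part of either post above, here is the poster's VPN source-NAT rule rewritten in the FreeBSD pf.conf(5) translation syntax the reply refers to. The macro names, the 172.16.0.0/24 range and the re0 interface are taken from the posted ruleset; the rest is assumed for illustration.

```pf
# Added example: FreeBSD pf.conf(5) translation syntax for the VPN source NAT.
# Macros reused from the posted ruleset.
ext_if = "re0"
vpnIPs = "{ 172.16.0.0/24 }"

# On FreeBSD, nat/rdr/binat rules form their own section and must come after
# options and normalization but before any 'pass'/'block' filter rules;
# pfctl otherwise rejects the file with a "Rules must be in order" error.
nat on $ext_if from $vpnIPs to any -> ($ext_if)

# The filter rule then carries no nat-to; translated packets still need a
# matching pass rule, and state is kept as in the rest of the ruleset.
pass out on $ext_if from $vpnIPs to any keep state
```

Before reloading, `pfctl -nf /etc/pf.conf` parses the file without loading it, so a remaining syntax or ordering error is reported with its line number while the running ruleset stays untouched.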
 