PF Syntax in rules

Hello all. My rules do not work.

I need help, I have no idea how to fix this.
Code:
ext_if="em0"
service_ports="{ 22,80,443,10011,30033 }"
udp_ports="{ 9987 }"
table <trusted_hosts> persist file "/var/db/trusted_hosts"
table <abusive_hosts> persist
table <sshguard> persist
icmp_types = "{ echoreq, unreach }"

set block-policy drop
set loginterface $ext_if
set optimization aggressive
set limit { frags 32000, states 64000 }
set skip on lo

scrub on $ext_if all random-id min-ttl 64 max-mss 1440 set-tos reliability reassemble tcp fragment reassemble

antispoof quick for { lo0 $ext_if }

block in

block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh bruteforce"

pass out all keep state
pass out on $ext_if all modulate state

pass in quick from <trusted_hosts>
block in quick from <abusive_hosts>

pass inet proto icmp all icmp-type $icmp_types keep state

pass in on $ext_if proto tcp to any port $service_ports flags S/SA synproxy state 
        (max-src-conn 50, max-src-conn-rate 25/5, overload <abusive_hosts> flush global)

pass in on $ext_if proto udp to any port $udp_ports keep state (max-src-states 5, max-src-conn-rate 5/5, overload <abusive_hosts> flush)
 
Code:
pass in on $ext_if proto tcp to any port $service_ports flags S/SA synproxy state
         (max-src-conn 50, max-src-conn-rate 25/5, overload <abusive_hosts> flush global)
pfctl doesn't automatically continue parsing if you break up rules like this. Instead it tries to parse them as two distinct rules. This should be
Code:
pass in on $ext_if proto tcp to any port $service_ports flags S/SA synproxy state \
        (max-src-conn 50, max-src-conn-rate 25/5, overload <abusive_hosts> flush global)
i.e. add a backslash \ at the end of the line to tell pfctl that the rule continues on the next line.
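As an added illustration (not code from the thread), this Python check mimics how pfctl joins backslash-continued lines and flags an indented state-options group that got separated from its rule, which is exactly the mistake above. The sample configuration is constructed from the thread's rules: the tcp rule is missing the backslash, the udp rule has it.

```python
"""Find pf.conf rules split across lines without a trailing backslash.

pfctl only joins a line to the next when it ends with a backslash; an
indented "(...)" options line after a rule without one is parsed as a
separate, invalid rule.  This is a stand-alone check, not part of pf.
"""
import re

# Constructed sample: line 3 lacks the backslash, line 5 uses it correctly.
SAMPLE_PF_CONF = """\
ext_if="em0"
service_ports="{ 22,80,443 }"
pass in on $ext_if proto tcp to any port $service_ports flags S/SA synproxy state
        (max-src-conn 50, max-src-conn-rate 25/5, overload <abusive_hosts> flush global)
pass in on $ext_if proto udp to any port 9987 keep state \\
        (max-src-states 5, max-src-conn-rate 5/5, overload <abusive_hosts> flush)
"""


def join_continuations(text):
    """Join lines the way pfctl does: a trailing backslash continues the rule.
    Returns a list of (first_line_number, logical_rule_text)."""
    logical, buf, start = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            start = lineno
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())  # drop the backslash, keep reading
            continue
        buf.append(line)
        logical.append((start, " ".join(buf)))
        buf, start = [], None
    if buf:  # file ended right after a backslash
        logical.append((start, " ".join(buf)))
    return logical


def find_orphaned_options(text):
    """Line numbers of logical rules that start with '(': a state-options
    group that pfctl would try to parse as a rule of its own."""
    return [n for n, rule in join_continuations(text) if rule.startswith("(")]


def fix_missing_backslashes(text):
    """Append ' \\' to any line whose next line is an indented '(' group."""
    lines, out = text.splitlines(), []
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if re.match(r"\s+\(", nxt) and not line.rstrip().endswith("\\"):
            line = line.rstrip() + " \\"
        out.append(line)
    return "\n".join(out) + "\n"
```

On the firewall itself, `pfctl -nf /etc/pf.conf` parses the file without loading it and reports the line number of any syntax error, which is the quickest way to confirm the fix.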
 