Isn't there a way to parse, don't load rules and complain about
syntax errors or missing variables?
BB
brent.bolin at gmail.com
Fri Mar 25 07:19:13 PST 2005
These firewall rules don't have any tun or tap0 interfaces.
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=8<VLAN_MTU>
	inet 68.79.110.99 netmask 0xffffffe0 broadcast 68.79.110.127
	ether 00:02:96:01:bc:13
	media: Ethernet autoselect (none)
	status: no carrier
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.111.252 netmask 0xffff0000 broadcast 192.168.255.255
	ether 00:50:2c:00:82:3a
	media: Ethernet autoselect (100baseTX)
	status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
As I recall from a previous firewall configuration using openvpn that
had rules for tap devices, pf would complain if it couldn't find the
interface.
My main point was to test that all syntax and variables were correct.
The rule set that I am moving has nat enabled. I think the box will
lock me out if it can't find the default gateway.
Thanks
On Thu, 24 Mar 2005 15:16:38 -0800, Jon Simola <jsimola at gmail.com> wrote:
> On Thu, 24 Mar 2005 16:48:48 -0600, BB <brent.bolin at gmail.com> wrote:
>
> > However, when I looked at the configuration file again, the scrub rule
> > had the explicit interface name fxp0
> >
> > This new box doesn't have fxp0
>
> It will probably make sense if you think that some interfaces like
> vlan and tun are created and destroyed. You probably don't want to
> reload your firewall config every time you bring up a PPP link. ipfw
> has the same feature.
>
> --
> Jon Simola
> Systems Administrator
> ABC Communications
>
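
Added example, not part of the original message or thread: a pre-flight check for the case discussed above, where a ruleset moved from another box still names an interface (fxp0) that the new host lacks and pf accepts it anyway. It assumes a FreeBSD host with `ifconfig -l` and `pfctl -n` (parse only, do not load) and handles only single-interface `on <if>` clauses and one-word macros; the function names and the sample ruleset are constructed for illustration.

```shell
# Added example: function names and the sample ruleset are constructed.
# Print every interface named after "on" in a pf ruleset ("-" = stdin).
# Assumes one-word macros (ext_if = "rl0"); "on { a b }" lists are skipped.
pf_ifaces() {
    awk '
    { sub(/#.*/, "") }                               # drop comments
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {         # macro definition
        name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
        val = $0;  sub(/^[^=]*=/, "", val);    gsub(/[" \t]/, "", val)
        macro[name] = val; next
    }
    {
        for (i = 1; i < NF; i++) if ($i == "on") {
            ifn = $(i + 1); sub(/^!/, "", ifn)
            if (substr(ifn, 1, 1) == "$") ifn = macro[substr(ifn, 2)]
            if (ifn != "" && ifn != "{") print ifn
        }
    }' "$1" | sort -u
}

# Print interfaces the ruleset names that are absent from the list in $2.
missing_ifaces() {
    for ifn in $(pf_ifaces "$1"); do
        case " $2 " in
            *" $ifn "*) ;;
            *) echo "$ifn" ;;
        esac
    done
}

# On the real host: warn about absent interfaces, then parse without loading.
pf_preflight() {
    missing=$(missing_ifaces "$1" "$(ifconfig -l)")
    [ -z "$missing" ] || echo "not present on this host: $missing" >&2
    pfctl -nf "$1"    # -n: parse only, do not load
}

# Constructed ruleset resembling the one in the thread (scrub still on fxp0).
sample_rules() {
    cat <<'EOF'
ext_if = "rl0"
int_if = "vr0"
scrub in on fxp0 all
nat on $ext_if from $int_if:network to any -> ($ext_if)
pass in on $int_if all   # LAN side
EOF
}
# Interface names below are the ones in the ifconfig output of the message.
sample_rules | missing_ifaces - "rl0 vr0 plip0 lo0 pflog0"
```

On the target box, `pf_preflight /etc/pf.conf` returns the exit status of `pfctl -nf`, so it can gate a later load of the ruleset.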