Last Two Questions (I Think...)
beno
zope at 2012.vi
Thu Aug 24 14:05:14 UTC 2006
Thank you very much for all your help!
Here is the first problem. It's a continuation of a problem we "fixed"
earlier (nor did I change anything after we got it working the first time):
shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
202.71.106.118 202.71.106.188 203.142.1.8"
directv_ip_addresses="{ 69.19.0.0/17 }"
shadday_ip_addresses="{ 200.88.64/23 200.88.66/23 200.88.80/20
200.88.96/20 200.88.112/22 200.88.118/23 200.88.120/21 }"
ssh_ip_addresses= $shinjiru_ip_addresses $directv_ip_addresses
$shadday_ip_addresses
The parser won't parse the last line. It won't let me include either of
the last two macros. This happened before I added the addresses to the
latter (shadday) but is compounded by the same.
The second problem has to do with logs. For example, this works:
pass in quick inet proto tcp from any to $web_server port { $tcp_ports }
flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
flush global)
but this does not work:
pass in quick log (all) inet proto tcp from any to $web_server port {
$tcp_ports } flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
flush global)
How do I turn on logging? Also, can someone give me good pointers as to
what I should log? Being inexperienced, I'm apt to log everything in site :/
TIA,
beno
More information about the freebsd-pf
mailing list