Travis H. wrote:
1) Lists be allowed to contain only one value, or none. Requiring
braces when > 1 value and requiring no braces when <2 values are
present is a pain for automated rule generation and should be very
easy to implement.
Lists with one item already work, e.g.
pass in on egress pr
Forrest Aldrich wrote:
This rule works fine:
rdr on $ext_if inet proto tcp from ! to ($ext_if) \
port 80 -> $server port 80
but it does not work if I try to add multiple tables like:
rdr on $ext_if inet proto tcp from ! { , } to ($ext_if) \
port 80 -> $server port 80
{}-lists expa
Travis H. wrote:
If you wish to take advantage of this, you can model your script after
static_example.py --- it is not necessary to use the whole twisted
run-time event loop if you just want a static config file.
For the code, see the URL in my sig and look for "Dynamic Firewall Daemon".
Uh w
Hi,
because I am lazy and want to dig through my pf.conf as little as
possible commenting and uncommenting things, I wished that lists in
curly brackets would always work -- even if they are empty, i.e. don't
expand to any rules. Example:
hostA = "1.2.3.4"
fwdtcpA = "1000, 2000:3000"
fwd
Malthe Borch wrote:
We're running an iptables setup with scripted authentication, that enables
users to reach the internet on a per-ip basis.
Users will authenticate to another machine on the network, that in turn
opens a tunnel to the firewall, executes the script and closes the
connection.
Hi,
trying to compile a program of mine on FreeBSD that needs to figure out
the value of PF_TABLE_NAME_SIZE from pfvar.h fails with the following
errors:
line 368:34: "not" may not appear in macro parameter list
line 396: unexpected unqualified-id before `!' token
I can't make heads or tail
Hi,
some comments ...
Adam Morley wrote:
My pf firewall has about 18 or so interfaces (10 physical interfaces,
and a bucket of VLANs). It is layer 3, and routes packets. This,
combined with my previous experience not requiring interface names in
rules makes me want to do:
em0: 10.1.0.0/24
em1:
Roman Marcinek wrote:
Are there any smarter solutions I haven't found yet? I know that
linux's iptables make use of special connection tracking module for ftp
to handle that problem but ... is there anything like this for OpenBSD?
If things like this are solvable shouldn't the solutions find t