21st December 2013
J65nko
Administrator
 

On an old 5.2 snapshot, adding inet fixes the syntax error:
Code:
int_if = "re0"

table <PASS_FTP> { 192.168.20.3 192.168.20.5 192.168.20.6 192.168.20.8 }

pass in quick on $int_if inet proto tcp from <PASS_FTP> to any port 21 divert-to 127.0.0.1 port 8021
A syntax check load:
Code:
#  pfctl -vvnf syntax.pf 
Loaded 710 passive OS fingerprints
int_if = "re0"
table <PASS_FTP> { 192.168.20.3 192.168.20.5 192.168.20.6 192.168.20.8 }
@0 pass in quick on re0 inet proto tcp from <PASS_FTP:0> to any port = 21 flags S/SA divert-to 127.0.0.1 port 8021
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump