30th March 2009
Quaxo
Port Guard
Join Date: Jun 2008
Posts: 29
A PF packet tagging (policy filtering) question...


I'm experimenting with the rules for packet tagging but when I check the syntax of the rules I get errors...

/# pfctl -n -f /etc/pf.conf.test
/etc/pf.conf.test:102: syntax error
/etc/pf.conf.test:105: syntax error
/etc/pf.conf.test:108: syntax error
These lines correspond to my packet tagging experiment rules in the file /etc/pf.conf.test ...

# Tag roper -> inet
block out on $ext_if from $my_ip tag ROPER_to_INET # line 99

   # Allow roper -> inet DNS
   pass quick tagged ROPER_to_INET proto udp to $dns_ip port domain  # line 102

   # Allow roper -> inet NTP
   pass quick tagged ROPER_to_INET proto udp to $ntp_ip port ntp # line 105

   # Allow roper -> inet pkg_add
   pass quick tagged ROPER_to_INET proto tcp to $pkg_ip # line 108
"roper" is the router/firewall. "inet" is the internet. The idea here is to tag all packets that originate from Roper and are destined for the internet (i.e. line 99), then have "secondary rules" that decide which of those tagged packets are allowed to pass out to the internet (i.e. lines 102, 105 and 108). Can anyone see why I get syntax errors here?

Thanks in advance
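An added example, not part of the original post: the same tagging policy with `tagged` moved behind the protocol and address part of each pass rule, which is where the pf.conf(5) rule grammar places filter options such as `tag` and `tagged`. The macro values are constructed placeholders (documentation addresses and an assumed interface name); the macro names and the tag name are the ones used in the post.

```conf
# Constructed placeholder values; substitute the real interface and addresses.
ext_if = "em0"
my_ip  = "192.0.2.1"
dns_ip = "198.51.100.53"
ntp_ip = "198.51.100.123"
pkg_ip = "198.51.100.80"

# pf.conf(5) rule order:
#   action [direction] [log] [quick] [on interface] [af] [proto] hosts [filter options]
# "tag" and "tagged" are filter options, so they follow the from/to part.
# Written before "proto", "tagged" is rejected by the parser.

# Tag roper -> inet. The rule is not "quick", so evaluation continues and
# the tag stays on the packet even if a later rule becomes the last match.
block out on $ext_if from $my_ip tag ROPER_to_INET

# Allow roper -> inet DNS
pass quick proto udp to $dns_ip port domain tagged ROPER_to_INET

# Allow roper -> inet NTP
pass quick proto udp to $ntp_ip port ntp tagged ROPER_to_INET

# Allow roper -> inet pkg_add
pass quick proto tcp to $pkg_ip tagged ROPER_to_INET

# Tagged packets that match none of the pass rules keep the block rule as
# their last match and are dropped on $ext_if.
```

The file can be checked the same way as in the post, with `pfctl -n -f /etc/pf.conf.test`, which parses the rules without loading them.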