On Jun 6, 2005, at 10:32 PM, Nick Holland wrote:

> One obvious (i.e., I've made it :) error that will do as you describe is
> to filter using a name rather than an IP address, before DNS resolution
> is set up properly.  No pf.conf file, so no idea if I'm barking up the
> right tree...

Yeah, I forgot to post the pf.conf (sorry Henning). Honestly, I'm embarrassed to post it in its current state. I need to clean it up before I post something that ugly in a public forum. ;-)

> Hmm.  might be possible to do a typo in such a way that with DNS, it
> might resolve to an address, and without, it is an error.  Probably
> wouldn't work as desired, but that may have been unnoticed.  Or maybe I
> shouldn't speculate when over-tired.

Not a bad idea, but nothing like that. I never use hostnames in my rulesets.

> I presume you are not able to read the error message due to it scrolling
> off the screen?  In addition to the "Syntax error" message, there should
> be a line number... that will tell all, I suspect.

That's correct. I intend to get a serial on this box if it isn't resolved in the next few days.

> If that doesn't work, modifying the /etc/rc file to redirect stderr on
> the pfctl lines might tell something... check the modification date on it
> before editing, make sure it really got updated as you thought it was...

Thanks for the ideas.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
