pf altq blocking ssh

Mon, 10 Oct 2005 07:45:13 -0700 

There is something wrong with my rules file, and I cant find the problem.

pf.conf...
#       $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

localaddr = "{192.168.0.4 127.0.0.1}"
localhosts = "192.168.0.0/24"
allowedusers = "{x11, root, named, _portmap, www}"
if = "xl0"

altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }

queue all bandwidth 32Kb proirity 1
queue local bandwidth 100Mb proirity 10
queue http bandwidth 60Kb priority 5
queue ssh bandwidth 25Kb priority 7 cbq(borrow)
queue rsets bandwidth 7500b priority 0 cbq(red)

pass in  on $if inet proto tcp from any to any port 22 keep state queue ssh
pass out on $if inet proto tcp from any to any port 443 keep state queue http
pass in  on $if inet proto tcp from any to any port 443 keep state queue http
pass out on $if inet proto tcp from any to any keep state queue local
pass in  on $if inet proto tcp from any to any keep state queue local
pass in  on $if inet proto tcp from any to any keep state queue all
pass in  on $if inet proto tcp from any to any keep state queue all

table <localnet> const { 192.168.1/24 }
table <banned> persist file "/etc/banned"

block drop in on $if from <banned> to $localaddr
block drop out on $if from $localaddr to <banned>

block drop out on $if from $localaddr to <localnet>
pass out on $if from $localaddr to <localnet> user $allowedusers keep state
pass in on $if from $localaddr to <localnet> keep state

-------

pfctl output...
-bash-3.00# pfctl -f /etc/pf.conf
/etc/pf.conf:12: syntax error
/etc/pf.conf:14: syntax error
/etc/pf.conf:15: queue local has no parent
/etc/pf.conf:15: errors in queue definition
/etc/pf.conf:16: queue http has no parent
/etc/pf.conf:16: errors in queue definition
/etc/pf.conf:17: queue ssh has no parent
/etc/pf.conf:17: errors in queue definition
/etc/pf.conf:18: queue rsets has no parent
/etc/pf.conf:18: errors in queue definition
/etc/pf.conf:25: syntax error
/etc/pf.conf:26: syntax error
pfctl: Syntax error in config file: pf rules not loaded

-------

--
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Free OpenBSD shell accounts for all with no gimmicks. Just send your
desired username and password to me, and I will create it.

Personal Website: http://kintaro.noobify.com

Illhostit Webhosting:
https://secure.illhostit.com/cgi-bin/affiliates/clickthru.cgi?id=Kintaro&campaign=Email

Reply via email to