Hi, I was thinking of simplifying the pf.conf by using anchors. My idea was to have two anchors: "incoming" and "outgoing", and then those two would have sub-anchors per interface. This would hopefully reduce errors and make pf.conf more readable. However, the following two do not work:

case a)

    anchor "incoming" in {
        anchor on re0 {
            pass quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
        }
    }

case b)

    anchor "on_re0" on re0 {
        anchor in {
            pass quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
        }
    }

I thought the inmost rule would inherit "in on re0" from its parent anchors in both cases, but pfctl gives the following error for both a) and b):

    ./pf.conf:111: rdr-to can only be used inbound
    ./pf.conf:111: skipping rule due to errors
    ./pf.conf:111: rule expands to no valid combination

I don't get more information with -d -vv -g options.

Any help appreciated.

Teemu