PF
Posted by prox, from Charlotte, on January 14, 2010 at 23:38 local (server) time

I just spent too long banging my head against this.  Apparently in PF, this syntax:

table <mysubnet> const { 10.66.7.64/27 }
table <myhost> const { 10.66.7.65/32 }
rdr on $ext inet proto tcp from { <mysubnet>, ! <myhost> } to port www -> 10.66.4.36 port 80

Does NOT equal the following syntax:

table <mine> const { !10.66.7.65/32, 10.66.7.64/27 }
rdr on $ext inet proto tcp from <mine> to port www -> 10.66.4.36 port 80

The first syntax apparently doesn't allow for the exclusion of a host that lies within a subnet, if they're both separate tables (order doesn't matter, I tried both). The reason is that a braced list is expanded into one rule per item, so `from { <mysubnet>, ! <myhost> }` becomes two rdr rules, `from <mysubnet>` and `from ! <myhost>`, and a host inside the subnet still matches the first of them. The second creates a single table with the excluded host and the subnet; a table lookup is decided by its most specific matching entry, and a negated entry excludes the addresses it covers, so it apparently works.
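To make the difference concrete, here is an added Python model (not code from the post and not PF's own code) of the two lookup semantics as pf.conf(5) describes them: a braced list expands into one rule per item and the set matches if any single rule does, while a single table is decided by its longest matching entry, with a negated entry excluding what it covers. The function names are mine, and the table contents are the constructed addresses from the post.

```python
import ipaddress

# Constructed table contents, copied from the two rulesets in the post.
TABLES = {
    "mysubnet": ["10.66.7.64/27"],
    "myhost": ["10.66.7.65/32"],
}
MINE = ["!10.66.7.65/32", "10.66.7.64/27"]


def parse_entry(entry):
    """Turn a table entry such as '!10.66.7.65/32' into (negated, network)."""
    entry = entry.strip()
    negated = entry.startswith("!")
    if negated:
        entry = entry[1:].strip()
    return negated, ipaddress.ip_network(entry, strict=False)


def table_matches(entries, addr):
    """Model of one PF table lookup (assumption: mirrors pf.conf(5)).

    The entry with the longest matching prefix decides; if that entry is
    negated with '!', the address is excluded even though a shorter
    prefix in the same table would have covered it.
    """
    ip = ipaddress.ip_address(addr)
    best = None  # (prefix length, negated) of the most specific hit so far
    for negated, net in (parse_entry(e) for e in entries):
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, negated)
    return best is not None and not best[1]


def list_matches(items, tables, addr):
    """Model of a PF braced list such as { <a>, ! <b> }.

    Each item becomes its own rule, so the list matches when ANY item's
    rule would match: 'from <t>' matches on a table hit, 'from ! <t>'
    matches on a table miss.
    """
    for item in items:
        negated = item.startswith("!")
        name = item.lstrip("! ").strip("<>")
        hit = table_matches(tables[name], addr)
        if hit != negated:
            return True
    return False


def first_syntax(addr):
    """The post's first form: two tables combined in a list."""
    return list_matches(["<mysubnet>", "! <myhost>"], TABLES, addr)


def second_syntax(addr):
    """The post's second form: one table holding both entries."""
    return table_matches(MINE, addr)


if __name__ == "__main__":
    for a in ("10.66.7.65", "10.66.7.70", "10.66.8.1"):
        print(f"{a:12} list form: {first_syntax(a)!s:5} table form: {second_syntax(a)}")
```

Running it shows that the list form still redirects 10.66.7.65, and also redirects 10.66.8.1, an address outside the subnet, because the expanded `from ! <myhost>` rule matches everything that is not the host; the single-table form excludes 10.66.7.65 and matches only the rest of the /27. On a real system, `pfctl -nvf /etc/pf.conf` parses the file without loading it and prints the expanded rules, which is the quickest way to see the first form turn into two rdr rules.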

Now you know!
