论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2010-08-11 17:11 |只看该作者 |倒序浏览

我的服务器PF规则怎么配置都无法加载，提示
scrub in all
和 NAT 规则出错

***************************************************************

int_if="re0"
ext_if="re1"

dmz_if="re2"
mgr_if="re3"

nat_if="re1"
nat_ip="111.222.101.202"
wan_ip="111.222.101.202"
int_ip="10.1.0.2"
local_net="10.1.0.0/21"

set skip on lo

icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set optimization normal
set timeout interval 10
set timeout frag 30

scrub in all

# NAT
nat pass on $nat_if inet from $local_net to any -> $nat_ip

# FTP PROXY

# RDR

block log all

pass quick on lo0 all

# SSH From localnet
pass in quick on $int_if inet proto tcp from $local_net to $int_if port ssh flags S/SA keep state

pass in on $int_if inet proto icmp from $local_net to $int_if icmp-type $icmp_types keep state
pass out on $ext_if inet proto icmp from $ext_if to any icmp-type $icmp_types keep state

pass in on $int_if from $int_if:network to any keep state
pass in on $int_if from $local_net to any
pass out on $int_if from any to $local_net

pass out log on $ext_if from $ext_if:network to any

pass out log on $ext_if proto tcp all modulate state flags S/SA

block in log quick on $ext_if proto tcp from any to $ext_if port ssh
*********************************************************

上面是我的规则，我是从旧的直接恢复过来的，可是不能运行，请问难道说 OpenBSD 4.7 PF 语法变了？？
删掉 scrub 和 nat 那两行就可以加载，请高手帮们看看！！谢谢！