Hi Chad,
In lists.openbsd-misc, you wrote:
running OpenBSD 3.2 - just upgraded this morning
and I have one pf rule I can't get to work
# Redirect HTTP requests to Proxy Server except DOMAIN Web Sites
rdr on $Int inet proto tcp from $Lan to ! $DOMAIN port 80 -> xxx.xxx.xxx.8 port 80
here is all I get when I try to load pf.conf with the rule applied
firewall:~ # pfctl -f /etc/pf.conf
/etc/pf.conf:62: syntax error
pfctl: Syntax error in file: pf rules not loaded
I'm assuming it has to do with the ! $DOMAIN
if I take that part out and just go with
rdr on $Int inet proto tcp from $Lan to any port 80 -> xxx.xxx.xxx.8 port 80
it will work, but I don't want to proxy for my local webservers.
We can't help you on this without knowing what value $DOMAIN has.
If it is what I think, a domain name like openbsd.org, it won't work
because pfctl has no way of knowing which IP addresses have servers
in this domain and which don't.
You can only filter based on IP addresses or IP networks. You also
need to be careful if you want to use a list of IP addresses here
because "rdr ... ! {host1, host2} ..." is expanded to
rdr ... ! host1 ...
rdr ... ! host2 ...
so every packet matches at least one of those rules.
Ciao, Arne.
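The expansion Arne describes, and one way to exempt local servers that avoids it, as an added pf.conf example (not Chad's or Arne's configuration). The interface, LAN, proxy and web server addresses are assumed placeholders; it uses `no rdr`, so it does not need tables, which pf did not have until 3.3.

```pf
# Added example; macro values and addresses are constructed, not from the post.
int_if    = "fxp0"                          # assumed: $Int, internal interface
lan       = "192.168.1.0/24"                # assumed: $Lan
proxy     = "192.168.1.8"                   # assumed: stands in for xxx.xxx.xxx.8
local_web = "{ 192.168.1.10, 192.168.1.11 }" # constructed: local web servers

# BROKEN: a negated list is expanded into one rule per list member.
#   rdr on $int_if inet proto tcp from $lan to ! $local_web port 80 -> $proxy port 80
# becomes
#   rdr on fxp0 inet proto tcp from 192.168.1.0/24 to ! 192.168.1.10 port 80 -> 192.168.1.8 port 80
#   rdr on fxp0 inet proto tcp from 192.168.1.0/24 to ! 192.168.1.11 port 80 -> 192.168.1.8 port 80
# A request to 192.168.1.10 fails the first rule but matches the second, so
# every port-80 packet from the LAN is still sent to the proxy.

# WORKING: the first matching translation rule wins, so exempt the local
# servers with "no rdr" before the catch-all redirect.
no rdr on $int_if inet proto tcp from $lan to $local_web port 80
rdr on $int_if inet proto tcp from $lan to any port 80 -> $proxy port 80
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, so the offending line number is reported without replacing the running ruleset.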