pf shortcuts for block quick

Question

Looking at https://www.openbsd.org/faq/pf/shortcuts.html it's not clear to me if these are the same-

block quick from <bruteforce>

and-

block in quick from <bruteforce> to any
block out quick from any to <bruteforce>

similarly, I wonder if this is also equivalent-

block quick <bruteforce>

(My goal here is to block any access, in or out, from the IPs listed in the table.)

if you didn't know already, `pfctl -s rules` is handy to print the rules as-interpreted by pf — pete, Dec 17 '16 at 01:57

score 1 · Answer 1 · answered Oct 16 '16 at 00:23

1

They are not. To be short, only two rules in the middle are valid, others are just a noise. from requires a pair of addresses and a to keyword, and the last rule is just a total nonense.

answered Oct 16 '16 at 00:23

drookie

8,625
1
19
29

2

The first form is valid on openbsd - `from` & `to` are each optional (default to `any`) - the rule is interpreted as `block quick from to any`, which _is_ equivalent to the two middle rules together – pete Dec 17 '16 at 02:01

score 0 · Answer 2 · answered Sep 03 '19 at 15:15

0

Although with Pf some keywords could be redundant and thus allowed to be omitted the last rule is a total no-go. You can refer to man pf.conf which has its syntax rules outlined with BNF-like grammar description.

answered Sep 03 '19 at 15:15

poige

9,448
2
25
52

pf shortcuts for block quick

2 Answers2