From owner-freebsd-ipfw Sat Feb 26 21:49:17 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from chmls05.mediaone.net (ne.mediaone.net [24.128.1.70]) by hub.freebsd.org (Postfix) with ESMTP id 5913B37B5BD; Sat, 26 Feb 2000 21:49:09 -0800 (PST) (envelope-from bloom@acm.org) Received: from acm.org (reyim.ne.mediaone.net [24.218.251.241]) by chmls05.mediaone.net (8.8.7/8.8.7) with ESMTP id AAA27609; Sun, 27 Feb 2000 00:49:06 -0500 (EST) Message-ID: <38B8BAC5.9927A56E@acm.org> Date: Sun, 27 Feb 2000 00:48:53 -0500 From: Jim Bloom X-Mailer: Mozilla 4.7 [en]C-MOENE (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-current@freebsd.org, freebsd-ipfw@freebsd.org Subject: cpp change breaks ipfw Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have been using cpp on my firewall to expand my local firewall rules and fill in the local address and subnetmask. This makes things easier my ISP decides to change my IP address using DHCP. My firewall is running an approximately one year old version of current and I'm trying to upgrade it to a recent version. I am running ipfw as "ipfw -p /usr/bin/cpp -Daddr=value1 -Dmask=value2 file". My firewall rules have been using constructs similar to the following if put in a file. #define addr 192.168.2.5 #define mask 255.255.254.0 add pass tcp from addr:mask to any 25 setup On the old version of current this expands to add pass tcp from 192.168.2.5:255.255.254.0 to any 25 setup but on a new version of current this expands to add pass tcp from 192.168.2.5 : 255.255.254.0 to any 25 setup Note the extra spaces around the colon. Unfortunately, this breaks ipfw which interprets the colon where it expects the "to". There are several options here: 1) Fix cpp to not emit the extra spaces 2) Fix ipfw to handle addresses being multiple arguments 3) Document the cpp is not a valid preprocessor for ipfw on the manual page. Option 1 seems like it might be a little difficult. Option 2 looks to be reasonably simple to implement after reading the code. Option 3 is the easiest, but I believe it is the wrong way to handle the problem. I can submit patches for 2 or 3 reasonably quickly. I have no idea about fixing cpp. Jim Bloom bloom@acm.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message