Date: Fri, 03 Dec 2004 09:10:21 +0100 From: "Reinhard Haller" <reinhard.haller@interactive-net.de> To: <freebsd-ipfw@freebsd.org>, <dgw@liwest.at> Subject: Antw: Re: preprocessor questions Message-ID: <s1b02d94.008@fs-inter.interactive.de>
next in thread | raw e-mail | index | archive | help
Hi Daniela, >>>> Daniela <dgw@liwest.at> 02.12.2004 22:13 >>> >On Thursday 02 December 2004 16:03, Reinhard Haller wrote: >> Hi, >> >> I'm using cpp as preprocessor for my firewall rules. >> >> I'd problems specifying macros. >> >> #define RULE __LINE__ >> #define ldap 389 >> #define ldaps 636 >> #define all_ldap 389,636 >> >> sample1: >> add RULE pass tcp from 192.168.0.0/24 to any ldap,ldaps setup >> keep-state >> >> sample2: >> add RULE pass tcp from 192.168.0.0/24 to any all_ldap setup >> keep-state >> >> Sample 1 produces an error, while sample 2 is working. Why? > >Are you using IPFW 2? If no, the problem is that the preprocessor adds leading >and trailing spaces to the macro expansions. In C, this doesn't matter, but >IPFW doesn't like it. If you absolutely need to keep it this way, use IPFW 2. >Or modify the preprocessor. In fact the rule add RULE pass tcp from 192.168.0.0/24 to any 389, 636 setup and the rule add RULE pass tcp from 192.168.0.0/24 to any 389 , 636 setup for ipfw aren't identical as they should be (The second produces an error message, caused by the blank between the number and the comma). This is a feature shared by IPFW1 and IPFW2 (I'm using the latter one). Reinhard
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?s1b02d94.008>