From: "Reinhard Haller"
Date: Fri, 03 Dec 2004 09:10:21 +0100
Subject: Antw: Re: preprocessor questions
List-Id: IPFW Technical Discussions

Hi Daniela,

>>>> Daniela 02.12.2004 22:13 >>>
>On Thursday 02 December 2004 16:03, Reinhard Haller wrote:
>> Hi,
>>
>> I'm using cpp as preprocessor for my firewall rules.
>>
>> I'd problems specifying macros.
>>
>> #define RULE __LINE__
>> #define ldap 389
>> #define ldaps 636
>> #define all_ldap 389,636
>>
>> sample1:
>> add RULE pass tcp from 192.168.0.0/24 to any ldap,ldaps setup keep-state
>>
>> sample2:
>> add RULE pass tcp from 192.168.0.0/24 to any all_ldap setup keep-state
>>
>> Sample 1 produces an error, while sample 2 is working. Why?
>
>Are you using IPFW 2? If no, the problem is that the preprocessor adds leading
>and trailing spaces to the macro expansions. In C, this doesn't matter, but
>IPFW doesn't like it. If you absolutely need to keep it this way, use IPFW 2.
>Or modify the preprocessor.

In fact the rule

    add RULE pass tcp from 192.168.0.0/24 to any 389, 636 setup

and the rule

    add RULE pass tcp from 192.168.0.0/24 to any 389 , 636 setup

for ipfw aren't identical as they should be (the second produces an error
message, caused by the blank between the number and the comma).

This is a feature shared by IPFW1 and IPFW2 (I'm using the latter one).

Reinhard
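
An added example, not part of the original message: a small sh filter that could sit between cpp and ipfw to remove the blanks around commas discussed in this thread, plus a check that refuses input still containing them. The function names normalize_rules and has_spaced_comma and the sample preprocessor output are constructed for illustration.

```shell
#!/bin/sh
# Added example: clean up C-preprocessor output before it is handed to ipfw.

# normalize_rules: read preprocessed rules on stdin, write cleaned rules on stdout.
#   - drops lines starting with '#' (cpp linemarkers; cpp -P suppresses them too)
#   - removes whitespace on either side of a comma, so "389 , 636" becomes "389,636"
#   - collapses runs of whitespace, trims line ends, drops empty lines
normalize_rules() {
    sed -E \
        -e '/^#/d' \
        -e 's/[[:space:]]*,[[:space:]]*/,/g' \
        -e 's/[[:space:]]+/ /g' \
        -e 's/^ //; s/ $//' \
        -e '/^$/d'
}

# has_spaced_comma: exit status 0 if stdin contains a comma with adjacent
# whitespace, non-zero otherwise. Useful as a pre-load check.
has_spaced_comma() {
    grep -Eq '[[:space:]],|,[[:space:]]'
}

# Constructed sample of what a preprocessor might emit for the rule in the
# thread; the rule number stands in for the expanded __LINE__ macro.
sample_cpp_output() {
    cat <<'EOF'
# 1 "rules.cpp"

add 12 pass tcp from 192.168.0.0/24 to any  389 , 636  setup keep-state
add 15 pass tcp from 192.168.0.0/24 to any 389,636 setup keep-state
EOF
}

# Demonstration: show the cleaned rules and confirm the check passes afterwards.
cleaned=$(sample_cpp_output | normalize_rules)
printf '%s\n' "$cleaned"
if printf '%s\n' "$cleaned" | has_spaced_comma; then
    echo "refusing to load: blank next to a comma" >&2
else
    echo "ok: no blanks next to commas" >&2
fi
```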