From: Max Laier
To: freebsd-pf@freebsd.org
Cc: Matthew Grooms
Date: Fri, 15 Apr 2005 17:43:49 +0200
Subject: Re: pf rule macro help ...

On Friday 15 April 2005 17:12, Matthew Grooms wrote:
> Thanks for the response. I can use the macros that contain host
> addresses or host names. The problem occurs when I use a '/' in a macro
> and then nest it inside another macro like so ...
>
> net1 = "192.168.1.0/24"
> net2 = "192.168.2.0/24"
> all_nets = "{" $net1 $net2 "}"
> pass from $all_nets to any

Make this:

net1 = "'192.168.1.0/24'"
net2 = "'192.168.2.0/24'"
all_nets = "{" $net1 $net2 "}"
pass from $all_nets to any

Yes, it's a bit cryptic, but it's nearly impossible to fix the parser without
a major undertaking. This should probably go to the FAQ or the manpage even,
I posted a suggestion to OpenBSD's pf ML a while ago:
http://marc.theaimsgroup.com/?l=openbsd-pf&m=109725883904534&w=2
If OpenBSD doesn't take it, I'll put it into ours after 3.7 is imported.

> It always causes a syntax error. The pf web page says you can nest
> macros so I don't know why it errors out. If you remove the "/24"
> portion of the net1 & net2 macros it works fine.
>
> I thought it may have had something to do with the fact that I am
> running an AMD64 SMP kernel. So I built an i386 UP box and tested the
> same four lines above ( with and without the net mask ) and got the same
> result.
>
> I know this is a volunteer effort ( and greatly appreciated at that )
> but would it be possible for someone to independently confirm what I am
> seeing and for someone to tell me if this is the intended behavior.
>
> Thanks in advance,
>
> -Matthew
>
> McLone wrote:
> > On 4/14/05, Matthew Grooms wrote:
> >>host1 = "192.168.1.1"
> >>host2 = "192.168.1.2"
> >>all_hosts = "{" $host1 $host2 "}"
> >>... I always get a syntax error on the "all_nets =" line.
> >
> > Bugs me too. AFAIK there's no way to nest macros.
> > BTW "," isn't needed.
> > BTW Thanks for the tip.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News