Date: Fri, 15 Apr 2005 17:43:49 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Cc: Matthew Grooms <mgrooms@seton.org>
Subject: Re: pf rule macro help ...
Message-ID: <200504151743.59628.max@love2party.net>
In-Reply-To: <425FD9D5.90904@seton.org>
References: <425DB3F8.1070101@seton.org> <451cb30105041416324ada3f27@mail.gmail.com> <425FD9D5.90904@seton.org>

On Friday 15 April 2005 17:12, Matthew Grooms wrote:
> Thanks for the response. I can use the macros that contain host
> addresses or host names. The problem occurs when I use a '/' in a macro
> and then nest it inside another macro like so ...
>
> net1 = "192.168.1.0/24"
> net2 = "192.168.2.0/24"
> all_nets = "{" $net1 $net2 "}"
> pass from $all_nets to any

Make this:
net1 = "'192.168.1.0/24'"
net2 = "'192.168.2.0/24'"
all_nets = "{" $net1 $net2 "}"
pass from $all_nets to any

Yes, it's a bit cryptic, but it's nearly impossible to fix the parser without
a major undertaking. This should probably go to the FAQ or the manpage even,
I posted a suggestion to OpenBSD's pf ML a while ago:
http://marc.theaimsgroup.com/?l=openbsd-pf&m=109725883904534&w=2

If OpenBSD doesn't take it, I'll put it into ours after 3.7 is imported.

> It always causes a syntax error. The pf web page says you can nest
> macros so I don't know why it errors out. If you remove the "/24"
> portion of the net1 & net2 macros it works fine.
>
> I thought it may have had something to do with the fact that I am
> running an AMD64 SMP kernel. So I built an i386 UP box and tested the
> same four lines above ( with and without the net mask ) and got the same
> result.
>
> I know this is a volunteer effort ( and greatly appreciated at that )
> but would it be possible for someone to independently confirm what I am
> seeing and for someone to tell me if this is the intended behavior.
>
> Thanks in advance,
>
> -Matthew
>
> McLone wrote:
> > On 4/14/05, Matthew Grooms <mgrooms@seton.org> wrote:
> >>host1 = "192.168.1.1"
> >>host2 = "192.168.1.2"
> >>all_hosts = "{" $host1 $host2 "}"
> >>... I always get a syntax error on the "all_nets =" line.
> >
> > Bugs me too. AFAIK there's no way to nest macroses.
> > BTW "," isn't needed.
>
> BTW Thanks for the tip.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News