Date: Sat, 4 Dec 2004 14:03:38 +0000 From: Daniela <dgw@liwest.at> To: "Reinhard Haller" <reinhard.haller@interactive-net.de>, <freebsd-ipfw@freebsd.org> Subject: Re: Antw: Re: preprocessor questions Message-ID: <200412041403.38980.dgw@liwest.at> In-Reply-To: <s1b02d94.009@fs-inter.interactive.de> References: <s1b02d94.009@fs-inter.interactive.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 03 December 2004 08:10, Reinhard Haller wrote: > Hi Daniela, > > >>>> Daniela <dgw@liwest.at> 02.12.2004 22:13 >>> > > > >On Thursday 02 December 2004 16:03, Reinhard Haller wrote: > >> Hi, > >> > >> I'm using cpp as preprocessor for my firewall rules. > >> > >> I'd problems specifying macros. > >> > >> #define RULE __LINE__ > >> #define ldap 389 > >> #define ldaps 636 > >> #define all_ldap 389,636 > >> > >> sample1: > >> add RULE pass tcp from 192.168.0.0/24 to any ldap,ldaps setup > >> keep-state > >> > >> sample2: > >> add RULE pass tcp from 192.168.0.0/24 to any all_ldap setup > >> keep-state > >> > >> Sample 1 produces an error, while sample 2 is working. Why? > > > >Are you using IPFW 2? If no, the problem is that the preprocessor adds > > leading > > >and trailing spaces to the macro expansions. In C, this doesn't > > matter, but > > >IPFW doesn't like it. If you absolutely need to keep it this way, use > > IPFW 2. > > >Or modify the preprocessor. > > In fact the rule > > add RULE pass tcp from 192.168.0.0/24 to any 389, 636 setup > > and the rule > > add RULE pass tcp from 192.168.0.0/24 to any 389 , 636 setup > > for ipfw aren't identical as they should be (The second produces an > error message, caused by the blank between the number and the > comma). > > This is a feature shared by IPFW1 and IPFW2 (I'm using the latter > one). Ah yes. But you could try the command line switch "-traditional". IIRC this will inhibit the generation of spaces.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412041403.38980.dgw>