From: "Jeremy C. Reed"
To: beno
Cc: freebsd-pf@freebsd.org
Date: Fri, 18 Aug 2006 12:03:14 -0500 (CDT)
Subject: Re: Syntax Error
In-Reply-To: <44E5E816.1030304@2012.vi>

> For some reason the parser likes this syntax in certain places but not in
> others:
>
> 1. # SETTING THE STAGE
> 2. # macros
> 3. ext_if="vr0"
> 4. int_if="lo0"
> 5. http_ports="80 8080 7080"
> 6. ssh_ports="22"
> 7. ftp_ports="21 8021 7021"
> 8. smtp_ports="25"
> 9. pop3_ports="110"
> 10. https_ports="443"
> 11. imap_ssl_ports="993 143"
> 12. squid_ports="3128"
> 13. mysql_ports="3306"
> 14. email_ports="{" $smtp_ports $pop3_ports "}"
> 15. all_http_ports="{" $http_ports $https_ports "}"
> 16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"

I don't think you can put a list inside of another list.

> 17. int_ports="{" $squid_ports $mysql_ports "}"
> 18. tcp_services="ssh, ftp, http"
> 20. web_server="202.71.106.119"
> 21. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
> 22. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> 23. directv_ip_addresses="69.19.0.0/17"
> 24. shadday_ip_addresses="70.19.0.0/17"
> 25. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses "}"

I don't know why the list doesn't allow the macro with the /netmask. If the
macros don't have a /netmask the list works (but not what you want).

> server167# pfctl -f /etc/pf.conf && sleep 60 && pfctl -f /etc/pf.conf_BAK
> /etc/pf.conf:16: syntax error
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> It appears to not like my using "$all_http_ports" in line 16 and one of the
> three in the last line (which the machine chooses to call 24 but it is
> actually referring to 25).

Why? Because you are missing line #19 above so it is off by one.
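Added example, not part of the thread: a small Python model of pf.conf's textual macro substitution that shows why line 16 fails. It assumes a simplified view of the pf lexer (each `$macro` is replaced by its already-expanded text, and a quoted `"{"` becomes a literal brace), and uses a constructed excerpt of the quoted macros beside a flat rewrite that keeps only one level of braces.

```python
import re

# Constructed excerpts modelled on the quoted pf.conf macro section:
# the nested form from the post, and a flat form that avoids a list inside a list.
NESTED_CONF = '''
http_ports="80 8080 7080"
https_ports="443"
ssh_ports="22"
all_http_ports="{" $http_ports $https_ports "}"
tcp_ports= "{" $ssh_ports $all_http_ports "}"
'''
FLAT_CONF = '''
http_ports="80 8080 7080"
https_ports="443"
ssh_ports="22"
all_http_ports=$http_ports $https_ports
tcp_ports= "{" $ssh_ports $all_http_ports "}"
'''

MACRO_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.*?)\s*$')
TOKEN_RE = re.compile(r'"([^"]*)"|\$(\w+)|(\S+)')

def parse_macros(conf):
    """Return macro values after textual expansion (simplified pf.conf model):
    a right-hand side may join quoted strings, bare words and $macro references."""
    macros = {}
    for line in conf.splitlines():
        m = MACRO_RE.match(line)
        if not m:
            continue
        name, rhs = m.groups()
        parts = []
        for quoted, ref, bare in TOKEN_RE.findall(rhs):
            if ref:
                parts.append(macros[ref])  # undefined macro raises KeyError, as pfctl would reject it
            else:
                parts.append(bare if bare else quoted)
        macros[name] = " ".join(parts)
    return macros

def brace_depth(value):
    """Deepest '{' nesting in an expanded value; pf's grammar accepts at most one level."""
    depth = deepest = 0
    for ch in value:
        if ch == "{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == "}":
            depth -= 1
    return deepest

def nested_list_macros(conf):
    """Names of macros whose expansion would put a list inside another list."""
    return [n for n, v in parse_macros(conf).items() if brace_depth(v) > 1]
```

Running `nested_list_macros` over the nested excerpt flags `tcp_ports` (its expansion is `{ 22 { 80 8080 7080 443 } }`), while the flat excerpt, where `all_http_ports` carries no braces of its own, passes.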