Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 22 Aug 2006 16:37:44 -0400
From:      beno <zope@2012.vi>
To:        freebsd-pf@freebsd.org
Subject:   Another Lists/Macros Question
Message-ID:  <44EB6B18.4030201@2012.vi>
next in thread | raw e-mail | index | archive | help 
This is accepted by the pfclt compiler just fine:

http_ports="80 8080 7080"
ssh_ports="22"
ftp_ports="21 8021 7021"
smtp_ports="25"
pop3_ports="110"
https_ports="443"
imap_ssl_ports="993 143"
squid_ports="3128"
mysql_ports="3306"
email_ports='"{' $smtp_ports $pop3_ports '}"'
all_http_ports='"{' $http_ports $https_ports '}"'
tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"

However, this line throws errors:

pass in quick inet proto tcp from any to $web_server port $tcp_ports
flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
flush global)

If I replace "$tcp_ports" with "$ssh_ports" it works. Just throws a
syntax error.
If I replace "$tcp_ports" with "$ftp_ports" it does not work, but if I
change that to "{ $ftp_ports }" it does work. Why??
If I replace "$tcp_ports" with "$all_http_ports" it doesn't work. Says
it doesn't recognize ports 80, 7080, 8080 or 443. Now, 443 isn't being
used yet, so I removed that port. Raised the same error. Removed all but
80. Same thing. Curly braces didn't help me here.

Reading the tutorial says this:

Here is an example of a list:
block out on fxp0 from { 192.168.0.1, 10.5.32.6 } to any
Here is an example of a macro:
friends = "{ 192.168.1.1, 10.0.2.5, 192.168.43.53 }"

Notice the curly braces on the macro. I can't get those to work, but it
seems to accept my macros without curly braces. Perhaps that is unique
to OpenBSD. Perhaps its outdated. Dunno. However, *that* is *all* the
information the tutorial has on the subject (you may look here in the
chapter appropriately entitled "Lists and Macros" to verify:
http://www.openbsd.org/faq/pf/macros.html ), so I presume the only other
source is, unfortunately, this most generous list.
TIA,
beno

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44EB6B18.4030201>