From owner-freebsd-pf@FreeBSD.ORG Tue Aug 22 21:25:33 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7FFDE16A4DE for ; Tue, 22 Aug 2006 21:25:33 +0000 (UTC) (envelope-from remko@freebsd.org) Received: from caelis.elvandar.org (caelis.elvandar.org [217.148.169.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 18A9743D49 for ; Tue, 22 Aug 2006 21:25:33 +0000 (GMT) (envelope-from remko@freebsd.org) Received: from localhost (caelis.elvandar.org [217.148.169.59]) by caelis.elvandar.org (Postfix) with ESMTP id 1E50C92FD3C; Tue, 22 Aug 2006 23:25:32 +0200 (CEST) Received: from caelis.elvandar.org ([217.148.169.59]) by localhost (caelis.elvandar.org [217.148.169.59]) (amavisd-new, port 10024) with ESMTP id 37274-01; Tue, 22 Aug 2006 23:25:31 +0200 (CEST) Message-ID: <44EB764F.9020807@FreeBSD.org> Date: Tue, 22 Aug 2006 23:25:35 +0200 From: Remko Lodder User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: beno References: <44EB6B18.4030201@2012.vi> In-Reply-To: <44EB6B18.4030201@2012.vi> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by the elvandar.org maildomain Cc: freebsd-pf@freebsd.org Subject: Re: Another Lists/Macros Question X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Aug 2006 21:25:33 -0000 beno wrote: > This is accepted by the pfclt compiler just fine: > > http_ports="80 8080 7080" > ssh_ports="22" > ftp_ports="21 8021 7021" > smtp_ports="25" > pop3_ports="110" > https_ports="443" > imap_ssl_ports="993 143" > squid_ports="3128" > mysql_ports="3306" > email_ports='"{' $smtp_ports $pop3_ports '}"' > all_http_ports='"{' $http_ports $https_ports '}"' > tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}" > > However, this line throws errors: > > pass in quick inet proto tcp from any to $web_server port $tcp_ports > flags S/SA keep state \ > (max-src-conn 100, max-src-conn-rate 15/5, overload > flush global) > > If I replace "$tcp_ports" with "$ssh_ports" it works. Just throws a > syntax error. > If I replace "$tcp_ports" with "$ftp_ports" it does not work, but if I > change that to "{ $ftp_ports }" it does work. Why?? > If I replace "$tcp_ports" with "$all_http_ports" it doesn't work. Says > it doesn't recognize ports 80, 7080, 8080 or 443. Now, 443 isn't being > used yet, so I removed that port. Raised the same error. Removed all but > 80. Same thing. Curly braces didn't help me here. > > Reading the tutorial says this: > > Here is an example of a list: > block out on fxp0 from { 192.168.0.1, 10.5.32.6 } to any > Here is an example of a macro: > friends = "{ 192.168.1.1, 10.0.2.5, 192.168.43.53 }" > > Notice the curly braces on the macro. I can't get those to work, but it > seems to accept my macros without curly braces. Perhaps that is unique > to OpenBSD. Perhaps its outdated. Dunno. However, *that* is *all* the > information the tutorial has on the subject (you may look here in the > chapter appropriately entitled "Lists and Macros" to verify: > http://www.openbsd.org/faq/pf/macros.html ), so I presume the only other > source is, unfortunately, this most generous list. > TIA, > beno > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" Dude, You really should start _reading_ and _understanding_ what people tell you. I think this is the same problem as you raised before. Please look at those messages for more support. Now again: read the docs and solve your problem. Thanks, remko -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org