Date: Tue, 22 Aug 2006 17:38:30 -0400 From: beno <zope@2012.vi> To: freebsd-pf@freebsd.org Subject: Re: Another Lists/Macros Question Message-ID: <44EB7956.3030705@2012.vi> In-Reply-To: <44EB764F.9020807@FreeBSD.org> References: <44EB6B18.4030201@2012.vi> <44EB764F.9020807@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Remko Lodder wrote:
> beno wrote:
>> This is accepted by the pfclt compiler just fine:
>>
>> http_ports="80 8080 7080"
>> ssh_ports="22"
>> ftp_ports="21 8021 7021"
>> smtp_ports="25"
>> pop3_ports="110"
>> https_ports="443"
>> imap_ssl_ports="993 143"
>> squid_ports="3128"
>> mysql_ports="3306"
>> email_ports='"{' $smtp_ports $pop3_ports '}"'
>> all_http_ports='"{' $http_ports $https_ports '}"'
>> tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
>>
>> However, this line throws errors:
>>
>> pass in quick inet proto tcp from any to $web_server port $tcp_ports
>> flags S/SA keep state \
>> (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
>> flush global)
>>
>> If I replace "$tcp_ports" with "$ssh_ports" it works. Just throws a
>> syntax error.
>> If I replace "$tcp_ports" with "$ftp_ports" it does not work, but if I
>> change that to "{ $ftp_ports }" it does work. Why??
>> If I replace "$tcp_ports" with "$all_http_ports" it doesn't work. Says
>> it doesn't recognize ports 80, 7080, 8080 or 443. Now, 443 isn't being
>> used yet, so I removed that port. Raised the same error. Removed all but
>> 80. Same thing. Curly braces didn't help me here.
>>
>> Reading the tutorial says this:
>>
>> Here is an example of a list:
>> block out on fxp0 from { 192.168.0.1, 10.5.32.6 } to any
>> Here is an example of a macro:
>> friends = "{ 192.168.1.1, 10.0.2.5, 192.168.43.53 }"
>>
>> Notice the curly braces on the macro. I can't get those to work, but it
>> seems to accept my macros without curly braces. Perhaps that is unique
>> to OpenBSD. Perhaps its outdated. Dunno. However, *that* is *all* the
>> information the tutorial has on the subject (you may look here in the
>> chapter appropriately entitled "Lists and Macros" to verify:
>> http://www.openbsd.org/faq/pf/macros.html ), so I presume the only other
>> source is, unfortunately, this most generous list.
>> TIA,
>> beno
>>
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
> Dude,
>
> You really should start _reading_ and _understanding_ what people
> tell you. I think this is the same problem as you raised before.
> Please look at those messages for more support.
>
> Now again: read the docs and solve your problem.
If you had read what I wrote, you will notice not only did I read the
docs, I even quoted them! It is possible (probable?) that you folks are
simply far more advanced than the docs, at least in this case, and
aren't even aware that the docs DO NOT answer this question! Why don't
you take a look? Why don't you take a look at the doc I quoted? Why
don't you read my quotes? How anyone expects me to answer this question
with the docs provided, which do not address this question, is beyond
me. Perhaps there are other docs of which I am not aware. Trust me, I
would prefer to answer these questions by myself than to be brow-beaten
by this list. But I need to get a job done, "dude". And the docs *do
not* answer the question!!! In fact, as I have pointed out, they even
befuddle the problem with curly braces!!!
So, would you mind answering my question?
TIA,
beno
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44EB7956.3030705>