Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 23 Aug 2006 09:41:57 +0200
From:      Michal Mertl <mime@traveller.cz>
To:        Jon Simola <jsimola@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Another Lists/Macros Question
Message-ID:  <1156318917.1543.11.camel@genius.i.cz>
In-Reply-To: <8eea04080608221517rd487cf1v35f5372c1a5bb157@mail.gmail.com>
References:  <44EB6B18.4030201@2012.vi> <8eea04080608221517rd487cf1v35f5372c1a5bb157@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

Jon Simola wrote:
> On 8/22/06, beno <zope@2012.vi> wrote:
> > This is accepted by the pfclt compiler just fine:
> >
> > http_ports="80 8080 7080"
> > ssh_ports="22"
> > ftp_ports="21 8021 7021"
> > smtp_ports="25"
> > pop3_ports="110"
> > https_ports="443"
> > imap_ssl_ports="993 143"
> > squid_ports="3128"
> > mysql_ports="3306"
> > email_ports='"{' $smtp_ports $pop3_ports '}"'
> > all_http_ports='"{' $http_ports $https_ports '}"'
> > tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
> 
> Not here:
> 
> # pfctl -vvnf ./pf-beno-test
> http_ports = "80 8080 7080"
> ssh_ports = "22"
> ftp_ports = "21 8021 7021"
> smtp_ports = "25"
> pop3_ports = "110"
> https_ports = "443"
> imap_ssl_ports = "993 143"
> squid_ports = "3128"
> mysql_ports = "3306"
> email_ports = ""{ 25 110 }""
> all_http_ports = ""{ 80 8080 7080 443 }""
> tcp_ports = "{ 22 21 8021 7021 { 80 8080 7080 443 } 993 143 }"
> 
> Note the nested braces in the last line - that is your problem.

And the fix is to omit braces in definitions and use them with actual
rules.

For example this pf config file works:
----
smtp_ports = 25 465
pop3_ports = 110 995
email_ports = $smtp_ports $pop3_ports
pass in proto tcp from any to any port { $email_ports }
----

Note that no quoting is necessary here and the parser doesn't care much
about whitespace. If you run pfctl with "-v" you shall see the macro
expansion which should help in understanding the parser and finding out
errors.

Michal

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1156318917.1543.11.camel>