From: Michal Mertl
To: Jon Simola
Cc: freebsd-pf@freebsd.org
Subject: Re: Another Lists/Macros Question
Date: Wed, 23 Aug 2006 09:41:57 +0200

Jon Simola wrote:
> On 8/22/06, beno wrote:
> > This is accepted by the pfctl compiler just fine:
> >
> > http_ports="80 8080 7080"
> > ssh_ports="22"
> > ftp_ports="21 8021 7021"
> > smtp_ports="25"
> > pop3_ports="110"
> > https_ports="443"
> > imap_ssl_ports="993 143"
> > squid_ports="3128"
> > mysql_ports="3306"
> > email_ports='"{' $smtp_ports $pop3_ports '}"'
> > all_http_ports='"{' $http_ports $https_ports '}"'
> > tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
>
> Not here:
>
> # pfctl -vvnf ./pf-beno-test
> http_ports = "80 8080 7080"
> ssh_ports = "22"
> ftp_ports = "21 8021 7021"
> smtp_ports = "25"
> pop3_ports = "110"
> https_ports = "443"
> imap_ssl_ports = "993 143"
> squid_ports = "3128"
> mysql_ports = "3306"
> email_ports = ""{ 25 110 }""
> all_http_ports = ""{ 80 8080 7080 443 }""
> tcp_ports = "{ 22 21 8021 7021 { 80 8080 7080 443 } 993 143 }"
>
> Note the nested braces in the last line - that is your problem.

And the fix is to omit braces in definitions and use them with actual rules. For example this pf config file works:

----
smtp_ports = 25 465
pop3_ports = 110 995
email_ports = $smtp_ports $pop3_ports
pass in proto tcp from any to any port { $email_ports }
----

Note that no quoting is necessary here and the parser doesn't care much about whitespace. If you run pfctl with "-v" you shall see the macro expansion which should help in understanding the parser and finding out errors.

Michal
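The expansion shown in the quoted `pfctl -vvnf` output can be reproduced offline to catch nested braces before a ruleset is loaded. This is an added example, not part of the original message and not pfctl's own parser: the functions `lex`, `nesting` and `check` are hypothetical names, and the tokenizer is a simplified model that assumes only quoted strings, `$name` references and bare words.

```python
import re
from itertools import accumulate

# Macro definitions copied from the thread (squid/mysql macros omitted).
BENO_CONF = r"""
http_ports="80 8080 7080"
ssh_ports="22"
ftp_ports="21 8021 7021"
smtp_ports="25"
pop3_ports="110"
https_ports="443"
imap_ssl_ports="993 143"
email_ports='"{' $smtp_ports $pop3_ports '}"'
all_http_ports='"{' $http_ports $https_ports '}"'
tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
"""
MICHAL_CONF = """
smtp_ports = 25 465
pop3_ports = 110 995
email_ports = $smtp_ports $pop3_ports
pass in proto tcp from any to any port { $email_ports }
"""
# Right-hand-side token: "quoted", 'quoted', $reference, or bare word.
TOKEN = re.compile(r'"([^"]*)"|\'([^\']*)\'|\$(\w+)|(\S+)')
MACRO = re.compile(r'^\s*(\w+)\s*=\s*(.+)$')

def lex(text, macros):
    """Simplified model (an assumption): a $name is replaced by re-lexing its value."""
    words = []
    for m in TOKEN.finditer(text):
        if m.lastindex == 3:
            if m.group(3) not in macros:
                raise ValueError("macro '%s' not defined" % m.group(3))
            words.extend(lex(macros[m.group(3)], macros))
        else:
            words.append(m.group(m.lastindex))  # quotes are stripped here
    return words

def nesting(value):
    """Deepest level of { } nesting in an expanded macro value."""
    return max(accumulate((c == "{") - (c == "}") for c in value), default=0)

def check(conf):
    """Expand every macro; return (values, names whose braces nest)."""
    macros = {}
    for line in conf.splitlines():
        if m := MACRO.match(line):  # rule and comment lines do not match
            macros[m.group(1)] = " ".join(lex(m.group(2), macros))
    return macros, [n for n, v in macros.items() if nesting(v) > 1]
```

`check(BENO_CONF)` reports `tcp_ports` as nested, while `check(MICHAL_CONF)` reports nothing because the braces appear only in the rule.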