Date:      Wed, 23 Aug 2006 10:29:55 -0500 (CDT)
From:      "Jeremy C. Reed" <reed@reedmedia.net>
To:        beno <zope@2012.vi>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Another Lists/Macros Question
Message-ID:  <Pine.NEB.4.64.0608231026060.1647@glacier.reedmedia.net>
In-Reply-To: <44EC60F9.2080102@2012.vi>
References:  <44EB6B18.4030201@2012.vi> <8eea04080608221517rd487cf1v35f5372c1a5bb157@mail.gmail.com> <1156318917.1543.11.camel@genius.i.cz> <44EC60F9.2080102@2012.vi>

> set fingerprints  /etc/pf.os
> pfctl:  /etc/pf.os : No such file or directory

I wonder if the parser sees the second space and assumes that is part of 
the filename. I didn't test, but try removing the extra space before the 
pathname.

> /etc/pf.conf:24: syntax error
> Here's that line, which the parser doesn't parse, preceded by other lines in
> question:
> shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> directv_ip_addresses="{ 69.19.0.0/17 }"
> shadday_ip_addresses=""
> ssh_ip_addresses= $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses
> 
> Now, we've been here before, and I was instructed to write the
> directv_ip_address line just so, but now the parser is throwing another error
> based on that very variable yet again! (I have singled it out through
> experimentation.) What doesn't it like this time?

Did it like it last time? :)

> /etc/pf.conf:68: syntax error
> pass in quick proto tcp from any to any port = ssh flags S/SA keep state
> (source-track rule, max-src-conn 15, max-src-conn-rate 5/3, overload
> <bruteforce> flush global, if-bound, src.track 3)
> 
> when the actual lines I wrote are these:
> web_server="202.71.106.119"
> http_ports="80 8080 7080"
> ssh_ports="22"
> ftp_ports="21 8021 7021"
> https_ports="443"
> imap_ssl_ports="993 143"
> all_http_ports= $http_ports $https_ports
> tcp_ports=  $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports
> pass in quick inet proto tcp from any to $web_server port $tcp_ports flags
> S/SA keep state \
>    (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush
> global)
> 
> Here are my questions concerning this much:
> * Why does the parser render "from any to $web_server" as "from any to any"?
> That's not what I specified!
> * Why does the parser render "port $tcp_ports" as "port = ssh"? That's not
> what I specified, either!


If you want to use a list, use the braces { } 
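
The brace advice above applied to the quoted macros, as an added example that is not part of the original message. The addresses, ports and rule options are the ones quoted in the thread; keeping the component macros as plain strings, leaving out the empty `shadday_ip_addresses` macro, and the `table` line are assumptions of this example.

```conf
# Added example, not from the original thread.
# Component macros stay plain quoted strings (one or more values each).
shinjiru_ip_addresses = "202.71.102.114 202.71.100.126 202.71.106.30 202.71.106.118 202.71.106.188 203.142.1.8"
directv_ip_addresses  = "69.19.0.0/17"

# Macros are not expanded inside quotes, so a macro built from other
# macros quotes only the braces and leaves the $references outside them.
# The result expands to a single { ... } list.
ssh_ip_addresses = "{" $shinjiru_ip_addresses $directv_ip_addresses "}"

web_server     = "202.71.106.119"
http_ports     = "80 8080 7080"
https_ports    = "443"
ssh_ports      = "22"
ftp_ports      = "21 8021 7021"
imap_ssl_ports = "993 143"

# Same pattern for ports: braces are supplied once, at the macro that is
# actually used as a list in a rule.
tcp_ports = "{" $ssh_ports $ftp_ports $http_ports $https_ports $imap_ssl_ports "}"

# Table referenced by the overload option (declaration assumed here).
table <bruteforce> persist

pass in quick inet proto tcp from any to $web_server port $tcp_ports \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)
```

Running `pfctl -nvf /etc/pf.conf` parses the file and prints the expanded rules without loading them, which shows how each macro and list was actually interpreted.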


