Date: Mon, 7 Jul 2025 13:58:08 GMT From: Warner Losh <imp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 0077daf9cdc4 - stable/14 - pf.conf.5: additional quoting for ranges in lists Message-ID: <202507071358.567Dw8DY083824@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=0077daf9cdc45cf36e7cc2ca3b65252194221400 commit 0077daf9cdc45cf36e7cc2ca3b65252194221400 Author: Quentin Thébault <quentin.thebault@defenso.fr> AuthorDate: 2024-11-07 06:13:05 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2025-07-07 13:57:01 +0000 pf.conf.5: additional quoting for ranges in lists When defining network address ranges in macros that will later be used as items in list macro, these ranges must be quoted with additiona simple quotes. For instance, the following does not work and is rejected as a syntax error: usr = "192.168.1.0/24" srv = "192.168.2.10 - 192.168.29" nat_ranges = "{" $usr $srv "}" Defining ranges as the following instead will work: usr = "'192.168.1.0/24'" srv = "'192.168.2.10 - 192.168.29'" MFC after: 3 days Reviewed by: imp, ziaee Pull Request: https://github.com/freebsd/freebsd-src/pull/1516 (cherry picked from commit 54f278caf37f9ab578ee58fc70c7b66446ea7e84) --- share/man/man5/pf.conf.5 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 0b73ba6b5e02..697711a8306c 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -100,6 +100,8 @@ Macro names may not be reserved words (for example .Ar in , .Ar out ) . Macros are not expanded inside quotes. +Ranges of network addresses used in macros that will be expanded in lists +later on must be quoted with additional simple quotes. .Pp For example, .Bd -literal -offset indent @@ -107,6 +109,11 @@ ext_if = \&"kue0\&" all_ifs = \&"{\&" $ext_if lo0 \&"}\&" pass out on $ext_if from any to any pass in on $ext_if proto tcp from any to any port 25 + +usr_lan_range = "'192.0.2.0/24'" +srv_lan_range = "'198.51.100.0 - 198.51.100.255'" +nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&" +nat on $ext_if from $nat_ranges to any -> ($ext_if) .Ed .Sh TABLES Tables are named structures which can hold a collection of addresses and
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202507071358.567Dw8DY083824>