Date:      Mon, 21 Aug 2006 11:07:48 -0500 (CDT)
From:      "Jeremy C. Reed" <reed@reedmedia.net>
To:        beno <zope@2012.vi>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Never Ask Questions On A Friday Afternoon
Message-ID:  <Pine.NEB.4.64.0608211101450.817@glacier.reedmedia.net>
In-Reply-To: <44E9C775.5060009@2012.vi>
References:  <44E9C775.5060009@2012.vi>

> Let me try this again. Here's the beginning of my pf.conf:
> 
> 1. # SETTING THE STAGE
> 2. # macros
> 3. ext_if="vr0"
> 4. int_if="lo0"
> 5. http_ports="80 8080 7080"
> 6. ssh_ports="22"
> 7. ftp_ports="21 8021 7021"
> 8. smtp_ports="25"
> 9. pop3_ports="110"
> 10. https_ports="443"
> 11. imap_ssl_ports="993 143"
> 12. squid_ports="3128"
> 13. mysql_ports="3306"
> 14. email_ports="{" $smtp_ports $pop3_ports "}"
> 15. all_http_ports="{" $http_ports $https_ports "}"
> 16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
> 17. int_ports="{" $squid_ports $mysql_ports "}"
> 18. tcp_services="ssh, ftp, http"
> 19. web_server="202.71.106.119"
> 20. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
> 21. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> 22. directv_ip_addresses="69.19.0.0 netmask  0.0.127.255"
> 23. shadday_ip_addresses=""
> 24. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses "}"
> 
> Here's what I get when I try to load it:
> server167# pfctl -f /etc/pf.conf
> /etc/pf.conf:16: syntax error
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
> 
> Apparently, it doesn't like *one* of my nested macros in line #16 (it likes 
> all the others)

As mentioned before, you have confusion between the definitions of "macro" 
and "list".

Your problem is not nested "macros" but nested "lists".

Please point us to the specific line number (other than #16) that has a 
nested list.

Your questions were answered multiple times by multiple senders. In 
particular look at the response in your thread direct from the PF 
developer.

> and it doesn't like the CIDR netmask in line 22. Someone 
> suggested I research the archives concerning the latter "where this 
> known problem was already discussed" but I found nothing. Would someone 
> care to help me with these problems now?
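
The macro-versus-list distinction drawn in the reply, as an added example that is not part of the e-mail thread: a Python sketch that models macro expansion as plain text substitution (a simplification, not pfctl's parser) over the port macros quoted above and reports which definitions expand to a list inside a list. The function names `expand`, `brace_depth` and `nested_lists` are made up for this illustration.

```python
import re

# Port macro definitions copied from the quoted pf.conf, keeping its line numbers.
SAMPLE = r'''
5. http_ports="80 8080 7080"
6. ssh_ports="22"
7. ftp_ports="21 8021 7021"
8. smtp_ports="25"
9. pop3_ports="110"
10. https_ports="443"
11. imap_ssl_ports="993 143"
12. squid_ports="3128"
13. mysql_ports="3306"
14. email_ports="{" $smtp_ports $pop3_ports "}"
15. all_http_ports="{" $http_ports $https_ports "}"
16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
17. int_ports="{" $squid_ports $mysql_ports "}"
'''

DEF = re.compile(r'^(\d+)\.\s*(\w+)\s*=\s*(.*)$')   # "<n>. name = value"
TOKEN = re.compile(r'"([^"]*)"|\$(\w+)')             # quoted string or $macro

def expand(conf):
    """Return {line_no: (name, text)} after substituting earlier macros as text."""
    macros, out = {}, {}
    for line in conf.strip().splitlines():
        no, name, rhs = DEF.match(line).groups()
        parts = [macros[ref] if ref else quoted for quoted, ref in TOKEN.findall(rhs)]
        macros[name] = " ".join(parts)
        out[int(no)] = (name, macros[name])
    return out

def brace_depth(text):
    """Deepest level of '{' nesting in the expanded text."""
    depth = deepest = 0
    for ch in text:
        if ch == "{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == "}":
            depth -= 1
    return deepest

def nested_lists(conf):
    """Line numbers whose expansion puts one list inside another."""
    return [no for no, (_, text) in sorted(expand(conf).items()) if brace_depth(text) > 1]

if __name__ == "__main__":
    for no, (name, text) in sorted(expand(SAMPLE).items()):
        print(f"{no:>2} {name:<15} {text}" + ("   <-- nested list" if brace_depth(text) > 1 else ""))
```

Lines 14, 15 and 17 each expand to a single flat list because they reference only plain macros; line 16 references `$all_http_ports`, which is already a list, so its expansion contains braces inside braces.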



