From: "Jeremy C. Reed"
To: beno
Cc: freebsd-pf@freebsd.org
Date: Mon, 21 Aug 2006 11:07:48 -0500 (CDT)
Subject: Re: Never Ask Questions On A Friday Afternoon

> Let me try this again. Here's the beginning of my pf.conf:
>
> 1. # SETTING THE STAGE
> 2. # macros
> 3. ext_if="vr0"
> 4. int_if="lo0"
> 5. http_ports="80 8080 7080"
> 6. ssh_ports="22"
> 7. ftp_ports="21 8021 7021"
> 8. smtp_ports="25"
> 9. pop3_ports="110"
> 10. https_ports="443"
> 11. imap_ssl_ports="993 143"
> 12. squid_ports="3128"
> 13. mysql_ports="3306"
> 14. email_ports="{" $smtp_ports $pop3_ports "}"
> 15. all_http_ports="{" $http_ports $https_ports "}"
> 16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
> 17. int_ports="{" $squid_ports $mysql_ports "}"
> 18. tcp_services="ssh, ftp, http"
> 19. web_server="202.71.106.119"
> 20. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
> 21. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> 22. directv_ip_addresses="69.19.0.0 netmask 0.0.127.255"
> 23. shadday_ip_addresses=""
> 24. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses "}"
>
> Here's what I get when I try to load it:
> server167# pfctl -f /etc/pf.conf
> /etc/pf.conf:16: syntax error
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> Apparently, it doesn't like *one* of my nested macros in line #16 (it likes
> all the others)

As mentioned before, you have confusion between the definitions of "macro" and "list". Your problem is not nested "macros" but nested "lists". Please point us to the specific line number (other than #16) that has a nested list.

Your questions were answered multiple times by multiple senders. In particular, look at the response in your thread direct from the PF developer.

> and it doesn't like the CIDR netmask in line 22. Someone
> suggested I research the archives concerning the latter "where this
> known problem was already discussed" but I found nothing. Would someone
> care to help me with these problems now?
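
Added example, not part of the original message or of pf: a small checker for the macro/list distinction the reply draws. It expands the macro definitions and reports each line where a macro that already expands to a { ... } list is placed inside another list, with a flattened value. The excerpt is a constructed subset of the quoted pf.conf keyed by its line numbers, the function name is an assumption of this example, and the regexes are a simplification, not pf's parser.

```python
import re

# Constructed excerpt of the quoted pf.conf, keyed by its original line numbers.
PF_CONF = {
    5: 'http_ports="80 8080 7080"',
    6: 'ssh_ports="22"',
    7: 'ftp_ports="21 8021 7021"',
    8: 'smtp_ports="25"',
    9: 'pop3_ports="110"',
    10: 'https_ports="443"',
    11: 'imap_ssl_ports="993 143"',
    14: 'email_ports="{" $smtp_ports $pop3_ports "}"',
    15: 'all_http_ports="{" $http_ports $https_ports "}"',
    16: 'tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"',
}

DEFINITION = re.compile(r'^\s*(\w+)\s*=\s*(.+)$')
PART = re.compile(r'"([^"]*)"|\$(\w+)')  # a quoted literal or a $macro reference


def find_nested_lists(lines):
    """Return [(line_no, macro, [list macros used inside a list], flat_value)]."""
    expanded, findings = {}, []
    for line_no in sorted(lines):
        match = DEFINITION.match(lines[line_no])
        if not match:
            continue
        name, rhs = match.groups()
        pieces, nested, depth = [], [], 0
        for literal, ref in PART.findall(rhs):
            if ref:
                value = expanded.get(ref, "")
                # A reference that is itself a list, used while a brace is open.
                if depth > 0 and "{" in value:
                    nested.append(ref)
                pieces.append(value)
            else:
                depth += literal.count("{") - literal.count("}")
                pieces.append(literal)
        expanded[name] = " ".join(pieces)
        if nested:
            flat = " ".join(re.sub(r"[{}]", " ", expanded[name]).split())
            findings.append((line_no, name, nested, "{ " + flat + " }"))
    return findings


if __name__ == "__main__":
    for finding in find_nested_lists(PF_CONF):
        print(finding)
```

On this excerpt only line 16 is reported; lines 14 and 15 build a list from plain (non-list) macros and are not flagged.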