From: Max Laier <max@love2party.net>
Organization: FreeBSD
To: beno
Cc: freebsd-pf@freebsd.org
Date: Mon, 21 Aug 2006 18:14:36 +0200
Subject: Re: Never Ask Questions On A Friday Afternoon
In-Reply-To: <44E9D57C.9010905@2012.vi>
References: <44E9C775.5060009@2012.vi> <20060821151505.GA18457@insomnia.benzedrine.cx> <44E9D57C.9010905@2012.vi>
Message-Id: <200608211814.41748.max@love2party.net>
List-Id: "Technical discussion and general questions about packet filter (pf)" <freebsd-pf@freebsd.org>
On Monday 21 August 2006 17:47, beno wrote:
> Daniel Hartmeier wrote:
> > If you don't care about that, the short answer is that the '/' in the CIDR notation makes a difference, and you'll have to accept this as a parser peculiarity. Alternatively you can send in a patch or request your money back.
>
> You mean, NOBODY has dealt with this problem before?! Are there no work-arounds?? What does everyone else do when faced with this problem??

I don't see a problem. Macros are there to make your life easier and I don't see how nesting macros that you hardly ever use un-nested makes one's life easier. Other than that, Daniel already offered a refund.

> And that only addresses (doesn't answer) the SECOND question. Here's the FIRST again:
>
> Hi;
> Let me try this again. Here's the beginning of my pf.conf:
>
> 1. # SETTING THE STAGE
> 2. # macros
> 3. ext_if="vr0"
> 4. int_if="lo0"
> 5. http_ports="80 8080 7080"
> 6. ssh_ports="22"
> 7. ftp_ports="21 8021 7021"
> 8. smtp_ports="25"
> 9. pop3_ports="110"
> 10. https_ports="443"
> 11. imap_ssl_ports="993 143"
> 12. squid_ports="3128"
> 13. mysql_ports="3306"
> 14. email_ports="{" $smtp_ports $pop3_ports "}"
> 15. all_http_ports="{" $http_ports $https_ports "}"
> 16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
> 17. int_ports="{" $squid_ports $mysql_ports "}"
> 18. tcp_services="ssh, ftp, http"
> 19. web_server="202.71.106.119"
> 20. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
> 21. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30 202.71.106.118 202.71.106.188 203.142.1.8"
> 22. directv_ip_addresses="69.19.0.0 netmask 0.0.127.255"
> 23. shadday_ip_addresses=""
> 24. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses $shadday_ip_addresses "}"
>
> Here's what I get when I try to load it:
> server167# pfctl -f /etc/pf.conf
> /etc/pf.conf:16: syntax error
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> QUESTION #1
> Apparently, it doesn't like *one* of my nested macros in line #16 (it likes all the others)

Macros are simply placeholders that are expanded in place - THIS IS EXPLAINED IN THE MANUAL PAGE! So line 16 really reads:

> 16. tcp_ports= "{ 22 21 8021 7021 { 80 8080 7080 443 } 993 143 }"

Which simply isn't legal, as nesting curly braces isn't legal. This was explained to you *several* times in this thread and the one before. I really, really urge you to start reading the replies you are getting and the supplied reading material. Please stop bothering this list with plain stupid questions that can be answered by reading the BNF in pf.conf(5), a tad bit of Google, Y!, or Wikipedia, or simple human sense. I still encourage questions, even simple ones - but one should be able to take a hint. If you want somebody to do it for you, you usually pay for that service!

> QUESTION #2
> and it doesn't like the CIDR netmask in line 22. Someone suggested I research the archives concerning the latter "where this known problem was already discussed" but I found nothing. Would someone care to help me with these problems now?

Daniel supplied the pointer to one (of several) threads on this matter above.
-- 
/"\ Best regards,                      | mlaier@freebsd.org
\ / Max Laier                          | ICQ #67774661
 X  http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \ ASCII Ribbon Campaign              | Against HTML Mail and News
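An added example, not part of this thread: the port macros quoted above restructured so that braces appear only once, at the point of use, since pf expands a macro as plain text wherever it is referenced and a brace-wrapped macro placed inside another brace-wrapped macro expands to nested braces. The interface, port and address values are the ones from the quoted pf.conf; the two pass rules are assumed for illustration.

```pf
# Macros are in-place textual substitution, so a list that will later be
# embedded in another list must be defined WITHOUT braces.
ext_if     = "vr0"
web_server = "202.71.106.119"

ssh_ports      = "22"
ftp_ports      = "21 8021 7021"
http_ports     = "80 8080 7080"
https_ports    = "443"
imap_ssl_ports = "993 143"
smtp_ports     = "25"
pop3_ports     = "110"

# Combined lists are plain concatenations of the smaller ones. The
# references stay outside quotes, because macros are not expanded
# inside quotes (pf.conf(5), MACROS).
all_http_ports = $http_ports $https_ports
email_ports    = $smtp_ports $pop3_ports
tcp_ports      = $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports

# For comparison, the original line 16 expanded to nested braces,
# which the grammar rejects:
#   tcp_ports = "{ 22 21 8021 7021 { 80 8080 7080 443 } 993 143 }"

# Braces are added once, where the list is used, so the rule below
# expands to a single flat port list:
#   pass in on vr0 proto tcp from any to 202.71.106.119 \
#       port { 22 21 8021 7021 80 8080 7080 443 993 143 }
# (assumed rules, not from the thread)
pass in on $ext_if proto tcp from any to $web_server port { $tcp_ports }
pass in on $ext_if proto tcp from any to $web_server port { $email_ports }
```

pfctl -nf /etc/pf.conf parses the file without loading it; adding -v also prints each macro's expanded value, which makes a stray inner brace visible before the rules are loaded.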