Date: Mon, 21 Aug 2006 18:14:36 +0200 From: Max Laier <max@love2party.net> To: beno <zope@2012.vi> Cc: freebsd-pf@freebsd.org Subject: Re: Never Ask Questions On A Friday Afternoon Message-ID: <200608211814.41748.max@love2party.net> In-Reply-To: <44E9D57C.9010905@2012.vi> References: <44E9C775.5060009@2012.vi> <20060821151505.GA18457@insomnia.benzedrine.cx> <44E9D57C.9010905@2012.vi>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart11920246.CJsCOpXOId
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Monday 21 August 2006 17:47, beno wrote:
> Daniel Hartmeier wrote:
> > If you don't care about that, the short answer is that the '/' in the
> > CIDR notation makes a difference, and you'll have to accept this as a
> > parser peculiarity. Alternatively you can send in a patch or request
> > your money back.
>
> You mean, NOBODY has dealt with this problem before?! Are there no
> work-arounds?? What does everyone else do when faced with this
> problem??
I don't see a problem. Macros are there to make your life easier and I=20
don't see how nesting macros that you hardly ever use un-nested makes=20
one's life easier. Other than that, Daniel already offered a refund.
> And that only addresses (doesn't answer) the SECOND question. Here's
> the FIRST again:
>
> Hi;
> Let me try this again. Here's the beginning of my pf.conf:
>
> 1. # SETTING THE STAGE
> 2. # macros
> 3. ext_if=3D"vr0"
> 4. int_if=3D"lo0"
> 5. http_ports=3D"80 8080 7080"
> 6. ssh_ports=3D"22"
> 7. ftp_ports=3D"21 8021 7021"
> 8. smtp_ports=3D"25"
> 9. pop3_ports=3D"110"
> 10. https_ports=3D"443"
> 11. imap_ssl_ports=3D"993 143"
> 12. squid_ports=3D"3128"
> 13. mysql_ports=3D"3306"
> 14. email_ports=3D"{" $smtp_ports $pop3_ports "}"
> 15. all_http_ports=3D"{" $http_ports $https_ports "}"
> 16. tcp_ports=3D "{" $ssh_ports $ftp_ports $all_http_ports
> $imap_ssl_ports "}"
> 17. int_ports=3D"{" $squid_ports $mysql_ports "}"
> 18. tcp_services=3D"ssh, ftp, http"
> 19. web_server=3D"202.71.106.119"
> 20. NoRouteIPs =3D "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
> 21. shinjiru_ip_addresses=3D"202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> 22. directv_ip_addresses=3D"69.19.0.0 netmask 0.0.127.255"
> 23. shadday_ip_addresses=3D""
> 24. ssh_ip_addresses=3D"{" $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses "}"
>
> Here's what I get when I try to load it:
> server167# pfctl -f /etc/pf.conf
> /etc/pf.conf:16: syntax error
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> QUESTION #1
> Apparently, it doesn't like *one* my nested macros in line #16 (it
> likes all the others)
Macros are simply placeholder that are expanded in place - THIS IS=20
EXPLAINED IN THE MANUAL PAGE! So line 16 really reads:
> 16. tcp_ports=3D "{ 22 21 8021 7021 { 80 8080 7080 443 } 993 143 }"
Which simply isn't legal as nesting curly braces isn't legal. This was=20
explained to you *several* times in this thread and the one before. I=20
really, really urge you to start reading the replies you are getting and=20
the supplied reading material. Please stop bothering this list with=20
plain stupid questions that can be answered with reading the BNF in=20
pf.conf(5), a tad bit of Google, Y!, or wikipedia or simple human sense.
I still encourage questions, even simple ones - but one should be able to=20
take a hint. If you want somebody to do it for you, you usually pay for=20
that service!
> QUESTION #2
> and it doesn't like the CIDR netmask in line 22. Someone suggested I
> research the archives concerning the latter "where this known problem
> was already discussed" but I found nothing. Would someone care to help
> me with these problems now?
Daniel supplied the pointer to one (of several) threads on this matter=20
above.
=2D-=20
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--nextPart11920246.CJsCOpXOId
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
iD8DBQBE6dvxXyyEoT62BG0RAjngAJ9K9b9gYhnJLby13CQyzErT+hj4ywCaAtAc
btfuye7f0rP8f6DkjuWhqHA=
=chWj
-----END PGP SIGNATURE-----
--nextPart11920246.CJsCOpXOId--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608211814.41748.max>