Date: Mon, 21 Aug 2006 18:14:36 +0200
From: Max Laier <max@love2party.net>
To: beno <zope@2012.vi>
Cc: freebsd-pf@freebsd.org
Subject: Re: Never Ask Questions On A Friday Afternoon
Message-ID: <200608211814.41748.max@love2party.net>
In-Reply-To: <44E9D57C.9010905@2012.vi>
References: <44E9C775.5060009@2012.vi> <20060821151505.GA18457@insomnia.benzedrine.cx> <44E9D57C.9010905@2012.vi>

On Monday 21 August 2006 17:47, beno wrote:
> Daniel Hartmeier wrote:
> > If you don't care about that, the short answer is that the '/' in the
> > CIDR notation makes a difference, and you'll have to accept this as a
> > parser peculiarity. Alternatively you can send in a patch or request
> > your money back.
>
> You mean, NOBODY has dealt with this problem before?! Are there no
> work-arounds?? What does everyone else do when faced with this
> problem??

I don't see a problem. Macros are there to make your life easier and I
don't see how nesting macros that you hardly ever use un-nested makes
one's life easier. Other than that, Daniel already offered a refund.

> And that only addresses (doesn't answer) the SECOND question. Here's
> the FIRST again:
>
> Hi;
> Let me try this again. Here's the beginning of my pf.conf:
>
> 1. # SETTING THE STAGE
> 2. # macros
> 3. ext_if="vr0"
> 4. int_if="lo0"
> 5. http_ports="80 8080 7080"
> 6. ssh_ports="22"
> 7. ftp_ports="21 8021 7021"
> 8. smtp_ports="25"
> 9. pop3_ports="110"
> 10. https_ports="443"
> 11. imap_ssl_ports="993 143"
> 12. squid_ports="3128"
> 13. mysql_ports="3306"
> 14. email_ports="{" $smtp_ports $pop3_ports "}"
> 15. all_http_ports="{" $http_ports $https_ports "}"
> 16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports
> $imap_ssl_ports "}"
> 17. int_ports="{" $squid_ports $mysql_ports "}"
> 18. tcp_services="ssh, ftp, http"
> 19. web_server="202.71.106.119"
> 20. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
> 21. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> 22. directv_ip_addresses="69.19.0.0 netmask 0.0.127.255"
> 23. shadday_ip_addresses=""
> 24. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses "}"
>
> Here's what I get when I try to load it:
> server167# pfctl -f /etc/pf.conf
> /etc/pf.conf:16: syntax error
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> QUESTION #1
> Apparently, it doesn't like *one* of my nested macros in line #16 (it
> likes all the others)

Macros are simply placeholders that are expanded in place - THIS IS
EXPLAINED IN THE MANUAL PAGE! So line 16 really reads:

> 16. tcp_ports= "{ 22 21 8021 7021 { 80 8080 7080 443 } 993 143 }"

Which simply isn't legal as nesting curly braces isn't legal. This was
explained to you *several* times in this thread and the one before. I
really, really urge you to start reading the replies you are getting and
the supplied reading material. Please stop bothering this list with
plain stupid questions that can be answered with reading the BNF in
pf.conf(5), a tad bit of Google, Y!, or Wikipedia or simple human sense.

I still encourage questions, even simple ones - but one should be able to
take a hint. If you want somebody to do it for you, you usually pay for
that service!

> QUESTION #2
> and it doesn't like the CIDR netmask in line 22. Someone suggested I
> research the archives concerning the latter "where this known problem
> was already discussed" but I found nothing. Would someone care to help
> me with these problems now?

Daniel supplied the pointer to one (of several) threads on this matter
above.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
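
The in-place expansion described for line 16, as an added example that is not part of the original message and is not pfctl's parser: a simplified Python model of textual macro substitution that reports macros whose expanded value nests one brace list inside another. The sample is constructed from a subset of the macro lines quoted above, and all function names are hypothetical.

```python
import re

# Constructed sample: a subset of the macro lines quoted in the message.
SAMPLE = '''\
http_ports="80 8080 7080"
ssh_ports="22"
ftp_ports="21 8021 7021"
https_ports="443"
imap_ssl_ports="993 143"
all_http_ports="{" $http_ports $https_ports "}"
tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
'''

# name = value, where value is a run of "quoted strings" and $references.
MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+)$')
TOKEN = re.compile(r'"([^"]*)"|\$([A-Za-z_]\w*)')

def expand_macros(text):
    """Return {name: (line_number, expanded_value)} by plain substitution."""
    # Assumptions of this model: one definition per line, references must be
    # defined earlier, '#' never appears inside a quoted string.
    macros = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = MACRO_DEF.match(line.split('#', 1)[0])
        if not m:
            continue
        name, rhs = m.groups()
        parts = []
        for quoted, ref in TOKEN.findall(rhs):
            if ref and ref not in macros:
                raise KeyError(f"line {lineno}: macro ${ref} is not defined")
            parts.append(macros[ref][1] if ref else quoted)
        macros[name] = (lineno, ' '.join(p for p in parts if p))
    return macros

def max_brace_depth(value):
    """Deepest '{' nesting level reached in an expanded value."""
    depth = deepest = 0
    for ch in value:
        if ch == '{':
            depth += 1
            deepest = max(deepest, depth)
        elif ch == '}':
            depth -= 1
    return deepest

def nested_lists(text):
    """Macros whose expansion puts one brace list inside another."""
    return [(n, name, v) for name, (n, v) in expand_macros(text).items()
            if max_brace_depth(v) > 1]
```

Running `nested_lists()` over a ruleset before `pfctl -f` points at the definition that will be rejected, which matters because a syntax error leaves the new rules unloaded.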