From: Matthew Grooms
Organization: Seton Healthcare Network
Date: Fri, 15 Apr 2005 10:12:21 -0500
To: McLone
cc: freebsd-pf@freebsd.org
Subject: Re: pf rule macro help ...
Message-ID: <425FD9D5.90904@seton.org>
In-Reply-To: <451cb30105041416324ada3f27@mail.gmail.com>
List-Id: Technical discussion and general questions about packet filter (pf)

Thanks for the response. I can use the macros that contain host addresses or host names. The problem occurs when I use a '/' in a macro and then nest it inside another macro like so ...

net1 = "192.168.1.0/24"
net2 = "192.168.2.0/24"
all_nets = "{" $net1 $net2 "}"
pass from $all_nets to any

It always causes a syntax error. The pf web page says you can nest macros so I don't know why it errors out. If you remove the "/24" portion of the net1 & net2 macros it works fine.

I thought it may have had something to do with the fact that I am running an AMD64 SMP kernel. So I built an i386 UP box and tested the same four lines above ( with and without the net mask ) and got the same result.

I know this is a volunteer effort ( and greatly appreciated at that ) but would it be possible for someone to independently confirm what I am seeing and for someone to tell me if this is the intended behavior.

Thanks in advance,

-Matthew

McLone wrote:
> On 4/14/05, Matthew Grooms wrote:
>
>>host1 = "192.168.1.1"
>>host2 = "192.168.1.2"
>>all_hosts = "{" $host1 $host2 "}"
>>... I always get a syntax error on the "all_nets =" line.
>
> Bugs me too. AFAIK there's no way to nest macros.
> BTW "," isn't needed.

BTW Thanks for the tip.