From nobody Thu May 26 13:32:01 2022 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 701B71B3B699 for ; Thu, 26 May 2022 13:32:44 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: from mail-vs1-xe2c.google.com (mail-vs1-xe2c.google.com [IPv6:2607:f8b0:4864:20::e2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4L884p2fnYz3Jh0 for ; Thu, 26 May 2022 13:32:42 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: by mail-vs1-xe2c.google.com with SMTP id w10so1415292vsa.4 for ; Thu, 26 May 2022 06:32:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CXuHC13su8z8JLPVA71PGvtacv+fsibfiVtayfb2P7Q=; b=VIpGpoaYAJ+5KXcYGNKLO/GYxBfTga1R2EwKCw6HBjVCZbnoXVtlo7aNziq39Y4cgj sVoHCsm51j/mpfKia6ozytfboHZnkU2N9/pB7OmadeuP6Sgei3q6biq6cMC4hVJ4oRBg 7pGpZjupQwbSrThiu5Edlf0ikMRx/NOVrYFaND2MYD0H//k4EMw64ciOO8U7xwfKd/Tv 9uCXFtHl/uHW27bx/A6/hyJi0+l89qyxyvulafh20xxEL6V7lFIwX3uikDnj7eXmw4+t KyU8SJHTY5OrJNWvy6a5AFpCpS6fdayeLYACXF5IWR497s9SrJFezcU2t9HxXU5/BtJo 87ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CXuHC13su8z8JLPVA71PGvtacv+fsibfiVtayfb2P7Q=; b=RwblJJLnH3q4j8Aljs0AnTuwHIJLmOuOgzPZKbzZ/RvbmPLCZsYNpb6+PZa6GX+n/1 4DuEd70hSh/M2wdJ6gNrtbzhCKGmWax6/DWvJayXGlW1Zbnj2vR5VAfIviBgdZJNk5HB zQNcwuBLjNZKkcIJaT3hqTvr+j2MBztjcdnAPm96hOMLgeJJlTiRjhomXQ7CRcUI66A5 dUaDM1Jh+5aA5j97kO8oZMi2QcL/ryQlG4/cJtStQylQw2eXlMgHL2hTZnROMmc1womj 2uptKCkp3LlWmgBmgOJkTDNSul2WTNz8yZ/jqejbYCN7XJf3fOXCIhEc5Er48z24qwc8 0BzQ== X-Gm-Message-State: AOAM533FjOk3e5Aja/jlf6q17ueVXm7dfpNlfeUbbDbROnF1pBzQfVoN sRl4YTvGGs3aKQZ5xqFIsgg40QxmSumKcGrQ/ovn07d3n1Qir5NN9Co= X-Google-Smtp-Source: ABdhPJzZDAKkxJ4jSZo1dBaqlpwAQqh416ZYIP5QdG1iv+MJ3IzMrxRfoIiKF6/xWfxlxF3OBVqX9M3ihv1VOToJdpk= X-Received: by 2002:a67:1986:0:b0:335:e09d:fafa with SMTP id 128-20020a671986000000b00335e09dfafamr14912103vsz.73.1653571961789; Thu, 26 May 2022 06:32:41 -0700 (PDT) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References: In-Reply-To: From: Odhiambo Washington Date: Thu, 26 May 2022 16:32:01 +0300 Message-ID: Subject: Re: pf.conf macros not working - syntax error To: Stefan Haller Cc: User Questions Content-Type: multipart/alternative; boundary="00000000000064a29905dfea3932" X-Rspamd-Queue-Id: 4L884p2fnYz3Jh0 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=VIpGpoaY; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of odhiambo@gmail.com designates 2607:f8b0:4864:20::e2c as permitted sender) smtp.mailfrom=odhiambo@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MID_RHS_MATCH_FROMTLD(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; TAGGED_RCPT(0.00)[freebsd]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::e2c:from]; HTTP_TO_IP(1.00)[]; MLMMJ_DEST(0.00)[freebsd-questions]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-ThisMailContainsUnwantedMimeParts: N --00000000000064a29905dfea3932 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, May 26, 2022 at 3:46 PM Stefan Haller wrote: > Hi, > > when playing around with my pf.conf ruleset I came across the following > oddity: > > If I define a macro in the following way: > > > foo =3D "10.0.0.1" > > bar =3D "10.1.0.1" > > baz =3D "{" $foo $bar "}" > > I can later use the macro $baz inside a filter rule. > > However, if I store subnets in my macros it does not work. This can > easily be verify by having a file containing only the following three > lines and using `pfctl -nvf file`: > > > foo =3D "10.0.0.0/24" > > bar =3D "10.1.0.0/24" > > baz =3D "{" $foo $bar "}" > > I get: > > > /tmp/test:3: syntax error > > According to the section "macros" in `man 5 pf.conf` the macro > definition is totally legit. Could this be a bug in FreeBSD? Just wanted > to ask the list if I am missing something. I tested it on 13.1-RELEASE > and CURRENT, I always get a syntax error. > Why do you need so many " " ? Can you please remove the double quotes inside the braces? You already quoted the foo and bar so I see no need to re-quote them inside the braces. [16:24 ~ ]$ pfctl -nvf file foo =3D "10.0.0.0/24" bar =3D "10.1.0.0/24" baz =3D "{ $foo $bar }" The syntax errors go away once you change the baz =3D by removing unnecessa= ry quotes :) --=20 Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' =C2=AF\_(=E3=83=84)_/=C2=AF :-) --00000000000064a29905dfea3932 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Thu, May 26, 2022 at 3:46 PM Stefa= n Haller <stefan+freebsd@sth= a.de> wrote:
Hi,

when playing around with my pf.conf ruleset I came across the following
oddity:

If I define a macro in the following way:

> foo =3D "10.0.0.1"
> bar =3D "10.1.0.1"
> baz =3D "{" $foo $bar "}"

I can later use the macro $baz inside a filter rule.

However, if I store subnets in my macros it does not work. This can
easily be verify by having a file containing only the following three
lines and using `pfctl -nvf file`:

> foo =3D "10.0.0.0/24"
> bar =3D "10.1.0.0/24"
> baz =3D "{" $foo $bar "}"

I get:

> /tmp/test:3: syntax error

According to the section "macros" in `man 5 pf.conf` the macro definition is totally legit. Could this be a bug in FreeBSD? Just wanted to ask the list if I am missing something. I tested it on 13.1-RELEASE
and CURRENT, I always get a syntax error.
=C2=A0
=
Why do you need so many " " ? Can you please remove the doub= le quotes inside the braces?
You already quoted the foo and bar s= o I see no need to re-quote them inside the braces.

[16= :24 ~ ]$ pfctl -nvf file
foo =3D "10= .0.0.0/24"
bar =3D "10.1.0.= 0/24"
baz =3D "{ $foo $bar }"

The syntax errors go away once you change the baz =3D by removing un= necessary quotes :)

=C2=A0


--
Best regards,
Odhiambo WASHINGTON,Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."= ;,=C2=A0egrep -v '^$|^.*#'= =C2=A0=C2=AF\_(=E3=83=84)_/=C2=AF=C2=A0:-)
--00000000000064a29905dfea3932--