Antw: Re: preprocessor questions
Reinhard Haller
reinhard.haller at interactive-net.de
Fri Dec 3 00:11:00 PST 2004
Hi Daniela,
>>>> Daniela <dgw at liwest.at> 02.12.2004 22:13 >>>
>On Thursday 02 December 2004 16:03, Reinhard Haller wrote:
>> Hi,
>>
>> I'm using cpp as preprocessor for my firewall rules.
>>
>> I'd problems specifying macros.
>>
>> #define RULE __LINE__
>> #define ldap 389
>> #define ldaps 636
>> #define all_ldap 389,636
>>
>> sample1:
>> add RULE pass tcp from 192.168.0.0/24 to any ldap,ldaps setup
>> keep-state
>>
>> sample2:
>> add RULE pass tcp from 192.168.0.0/24 to any all_ldap setup
>> keep-state
>>
>> Sample 1 produces an error, while sample 2 is working. Why?
>
>Are you using IPFW 2? If no, the problem is that the preprocessor adds
leading
>and trailing spaces to the macro expansions. In C, this doesn't
matter, but
>IPFW doesn't like it. If you absolutely need to keep it this way, use
IPFW 2.
>Or modify the preprocessor.
In fact the rule
add RULE pass tcp from 192.168.0.0/24 to any 389, 636 setup
and the rule
add RULE pass tcp from 192.168.0.0/24 to any 389 , 636 setup
for ipfw aren't identical as they should be (The second produces an
error message, caused by the blank between the number and the
comma).
This is a feature shared by IPFW1 and IPFW2 (I'm using the latter
one).
Reinhard
More information about the freebsd-ipfw
mailing list