pf rule macro help ...
Matthew Grooms
mgrooms at seton.org
Fri Apr 15 08:08:05 PDT 2005
Thanks for the response. I can use the macros that contain host
addresses or host names. The problem occurs when I use a '/' in a macro
and then nest it inside another macro like so ...
net1 = "192.168.1.0/24"
net2 = "192.168.2.0/24"
all_nets = "{" $net1 $net2 "}"
pass from $all_nets to any
It always causes a syntax error. The pf web page says you can nest
macros so I don't know why it errors out. If you remove the "/24"
portion of the net1 & net2 macros it works fine.
I thought it may have had something to do with the fact that I am
running an AMD64 SMP kernel. So I built an i386 UP box and tested the
same four lines above ( with and without the net mask ) and got the same
result.
I know this is a volunteer effort ( and greatly appreciated at that )
but would it be possible for someone to independently confirm what I am
seeing and for someone to tell me if this is the intended behavior.
Thanks in advance,
-Matthew
McLone wrote:
> On 4/14/05, Matthew Grooms <mgrooms at seton.org> wrote:
>
>>host1 = "192.168.1.1"
>>host2 = "192.168.1.2"
>>all_hosts = "{" $host1 $host2 "}"
>>... I always get a syntax error on the "all_nets =" line.
>
> Bugs me too. AFAIK there's no way to nest macroses.
> BTW "," isn't needed.
BTW Thanks for the tip.
More information about the freebsd-pf
mailing list