Re: pf.conf macros not working - syntax error

From: Stefan Haller <stefan+freebsd_at_stha.de>
Date: Thu, 26 May 2022 13:40:30 UTC

On Thu, May 26, 2022 at 04:32:01PM +0300, Odhiambo Washington wrote:
> Why do you need so many " " ? Can you please remove the double quotes
> inside the braces?
> You already quoted the foo and bar so I see no need to re-quote them inside
> the braces.
> 
> [16:24 ~ ]$ pfctl -nvf file
> foo = "10.0.0.0/24"
> bar = "10.1.0.0/24"
> baz = "{ $foo $bar }"

Unfortunately, this does not work, because inside "..." macros are not
expanded. The macro baz literally contains the string "{ $foo $bar }".

If we later use the macro baz as in

> baz = "$foo $bar"
> block in from $baz to any

we get the syntax error (rightfully) on the block line.

This is also properly documented in pf.conf(5):

> MACROS
>      Macros can be defined that will later be expanded in context.  Macro
>      names must start with a letter, and may contain letters, digits and
>      underscores.  Macro names may not be reserved words (for example pass,
>      in, out).  Macros are not expanded inside quotes.
>
>      For example,
>
>            ext_if = "kue0"
>            all_ifs = "{" $ext_if lo0 "}"
>            pass out on $ext_if from any to any
>            pass in  on $ext_if proto tcp from any to any port 25