Antw: Re: preprocessor questions
Daniela
dgw at liwest.at
Sat Dec 4 03:55:31 PST 2004
On Friday 03 December 2004 08:10, Reinhard Haller wrote:
> Hi Daniela,
>
> >>>> Daniela <dgw at liwest.at> 02.12.2004 22:13 >>>
> >
> >On Thursday 02 December 2004 16:03, Reinhard Haller wrote:
> >> Hi,
> >>
> >> I'm using cpp as preprocessor for my firewall rules.
> >>
> >> I'd problems specifying macros.
> >>
> >> #define RULE __LINE__
> >> #define ldap 389
> >> #define ldaps 636
> >> #define all_ldap 389,636
> >>
> >> sample1:
> >> add RULE pass tcp from 192.168.0.0/24 to any ldap,ldaps setup
> >> keep-state
> >>
> >> sample2:
> >> add RULE pass tcp from 192.168.0.0/24 to any all_ldap setup
> >> keep-state
> >>
> >> Sample 1 produces an error, while sample 2 is working. Why?
> >
> >Are you using IPFW 2? If no, the problem is that the preprocessor adds
>
> leading
>
> >and trailing spaces to the macro expansions. In C, this doesn't
>
> matter, but
>
> >IPFW doesn't like it. If you absolutely need to keep it this way, use
>
> IPFW 2.
>
> >Or modify the preprocessor.
>
> In fact the rule
>
> add RULE pass tcp from 192.168.0.0/24 to any 389, 636 setup
>
> and the rule
>
> add RULE pass tcp from 192.168.0.0/24 to any 389 , 636 setup
>
> for ipfw aren't identical as they should be (The second produces an
> error message, caused by the blank between the number and the
> comma).
>
> This is a feature shared by IPFW1 and IPFW2 (I'm using the latter
> one).
Ah yes. But you could try the command line switch "-traditional".
IIRC this will inhibit the generation of spaces.
More information about the freebsd-ipfw
mailing list