Syntax Error

Jeremy C. Reed reed at reedmedia.net
Fri Aug 18 17:05:21 UTC 2006


> For some reason the parser likes this syntax in certain places but not in
> others:
> 
> 1. # SETTING THE STAGE
> 2. # macros
> 3. ext_if="vr0"
> 4. int_if="lo0"
> 5. http_ports="80 8080 7080"
> 6. ssh_ports="22"
> 7. ftp_ports="21 8021 7021"
> 8. smtp_ports="25"
> 9. pop3_ports="110"
> 10. https_ports="443"
> 11. imap_ssl_ports="993 143"
> 12. squid_ports="3128"
> 13. mysql_ports="3306"
> 14. email_ports="{" $smtp_ports $pop3_ports "}"
> 15. all_http_ports="{" $http_ports $https_ports "}"
> 16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"

I don't think you can put a list inside of another list.

> 17. int_ports="{" $squid_ports $mysql_ports "}"
> 18. tcp_services="ssh, ftp, http"
> 20. web_server="202.71.106.119"
> 21. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
> 22. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> 23. directv_ip_addresses="69.19.0.0/17"
> 24. shadday_ip_addresses="70.19.0.0/17"
> 25. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses "}"

I don't know why the list doesn't allow the macro with the /netmask. If 
the macros don't have a /netmask the list works (but not what you want).

> server167# pfctl -f /etc/pf.conf && sleep 60 && pfctl -f /etc/pf.conf_BAK
> /etc/pf.conf:16: syntax error
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
> 
> It appears to not like my using "$all_http_ports" in line 16 and one of the
> three in the last line (which the machine chooses to call 24 but it is
> actually referring to 25). Why?

Because you are missing line #19 above so it is off by one.
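
An added example, not part of the original message: a small Python check that replays the quoted listing, counts lines by position in the file as pfctl does (so the listing's skipped number 19 shifts everything after it), and flags the two patterns the reply points at. The function name `lint` and its two heuristics are assumptions for illustration, not pf's actual grammar.

```python
import re

# Listing quoted in the post (mail-wrapped lines rejoined); its numbering skips 19.
LISTING = '''\
1. # SETTING THE STAGE
2. # macros
3. ext_if="vr0"
4. int_if="lo0"
5. http_ports="80 8080 7080"
6. ssh_ports="22"
7. ftp_ports="21 8021 7021"
8. smtp_ports="25"
9. pop3_ports="110"
10. https_ports="443"
11. imap_ssl_ports="993 143"
12. squid_ports="3128"
13. mysql_ports="3306"
14. email_ports="{" $smtp_ports $pop3_ports "}"
15. all_http_ports="{" $http_ports $https_ports "}"
16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
17. int_ports="{" $squid_ports $mysql_ports "}"
18. tcp_services="ssh, ftp, http"
20. web_server="202.71.106.119"
21. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
22. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30 202.71.106.118 202.71.106.188 203.142.1.8"
23. directv_ip_addresses="69.19.0.0/17"
24. shadday_ip_addresses="70.19.0.0/17"
25. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses $shadday_ip_addresses "}"
'''

def lint(listing):
    """Flag list macros that pull in a macro holding a list or a /netmask."""
    values, findings = {}, []
    for file_line, raw in enumerate(listing.splitlines(), 1):  # pfctl's line number
        no, text = raw.split(". ", 1)  # strip the listing's own "N. " prefix
        m = re.match(r'(\w+)\s*=\s*(.*)', text)
        if not m:
            continue  # comment line, no macro defined here
        name, value = m.groups()
        values[name] = value
        for ref in re.findall(r'\$(\w+)', value) if '"{"' in value else []:
            target = values.get(ref, "")
            why = "nested list" if "{" in target else "/netmask" if "/" in target else None
            if why:
                findings.append((file_line, int(no), ref, why))
    return findings

for hit in lint(LISTING):
    print("pfctl line %d = listing line %d: $%s (%s)" % hit)
```

On the quoted listing it reports pfctl lines 16 and 24, the latter being listing line 25.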

