Never Ask Questions On A Friday Afternoon

beno zope at 2012.vi
Mon Aug 21 15:47:29 UTC 2006


Daniel Hartmeier wrote:
> If you don't care about that, the short answer is that the '/' in the
> CIDR notation makes a difference, and you'll have to accept this as a
> parser peculiarity. Alternatively you can send in a patch or request
> your money back.
>   
You mean, NOBODY has dealt with this problem before?! Are there no 
work-arounds?? What does everyone else do when faced with this problem??

And that only addresses (doesn't answer) the SECOND question. Here's the 
FIRST again:

Hi;
Let me try this again. Here's the beginning of my pf.conf:

1. # SETTING THE STAGE
2. # macros
3. ext_if="vr0"
4. int_if="lo0"
5. http_ports="80 8080 7080"
6. ssh_ports="22"
7. ftp_ports="21 8021 7021"
8. smtp_ports="25"
9. pop3_ports="110"
10. https_ports="443"
11. imap_ssl_ports="993 143"
12. squid_ports="3128"
13. mysql_ports="3306"
14. email_ports="{" $smtp_ports $pop3_ports "}"
15. all_http_ports="{" $http_ports $https_ports "}"
16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
17. int_ports="{" $squid_ports $mysql_ports "}"
18. tcp_services="ssh, ftp, http"
19. web_server="202.71.106.119"
20. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
21. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30 202.71.106.118 202.71.106.188 203.142.1.8"
22. directv_ip_addresses="69.19.0.0 netmask  0.0.127.255"
23. shadday_ip_addresses=""
24. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses $shadday_ip_addresses "}"

Here's what I get when I try to load it:
server167# pfctl -f /etc/pf.conf
/etc/pf.conf:16: syntax error
/etc/pf.conf:24: syntax error
pfctl: Syntax error in config file: pf rules not loaded

QUESTION #1
Apparently, it doesn't like *one* of my nested macros in line #16 (it likes 
all the others)

QUESTION #2
and it doesn't like the CIDR netmask in line 22. Someone suggested I 
research the archives concerning the latter "where this known problem 
was already discussed" but I found nothing. Would someone care to help 
me with these problems now?
TIA,
beno


