Never Ask Questions On A Friday Afternoon

Max Laier max at love2party.net
Mon Aug 21 16:14:54 UTC 2006


On Monday 21 August 2006 17:47, beno wrote:
> Daniel Hartmeier wrote:
> > If you don't care about that, the short answer is that the '/' in the
> > CIDR notation makes a difference, and you'll have to accept this as a
> > parser peculiarity. Alternatively you can send in a patch or request
> > your money back.
>
> You mean, NOBODY has dealt with this problem before?! Are there no
> work-arounds?? What does everyone else do when faced with this
> problem??

I don't see a problem.  Macros are there to make your life easier and I 
don't see how nesting macros that you hardly ever use un-nested makes 
one's life easier.  Other than that, Daniel already offered a refund.

> And that only addresses (doesn't answer) the SECOND question. Here's
> the FIRST again:
>
> Hi;
> Let me try this again. Here's the beginning of my pf.conf:
>
> 1. # SETTING THE STAGE
> 2. # macros
> 3. ext_if="vr0"
> 4. int_if="lo0"
> 5. http_ports="80 8080 7080"
> 6. ssh_ports="22"
> 7. ftp_ports="21 8021 7021"
> 8. smtp_ports="25"
> 9. pop3_ports="110"
> 10. https_ports="443"
> 11. imap_ssl_ports="993 143"
> 12. squid_ports="3128"
> 13. mysql_ports="3306"
> 14. email_ports="{" $smtp_ports $pop3_ports "}"
> 15. all_http_ports="{" $http_ports $https_ports "}"
> 16. tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports
> $imap_ssl_ports "}"
> 17. int_ports="{" $squid_ports $mysql_ports "}"
> 18. tcp_services="ssh, ftp, http"
> 19. web_server="202.71.106.119"
> 20. NoRouteIPs = "127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
> 21. shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> 22. directv_ip_addresses="69.19.0.0 netmask  0.0.127.255"
> 23. shadday_ip_addresses=""
> 24. ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses "}"
>
> Here's what I get when I try to load it:
> server167# pfctl -f /etc/pf.conf
> /etc/pf.conf:16: syntax error
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> QUESTION #1
> Apparently, it doesn't like *one* my nested macros in line #16 (it
> likes all the others)

Macros are simply placeholders that are expanded in place - THIS IS 
EXPLAINED IN THE MANUAL PAGE!  So line 16 really reads:

> 16. tcp_ports= "{ 22 21 8021 7021 { 80 8080 7080 443 } 993 143 }"

Which simply isn't legal as nesting curly braces isn't legal.  This was 
explained to you *several* times in this thread and the one before.  I 
really, really urge you to start reading the replies you are getting and 
the supplied reading material.  Please stop bothering this list with 
plain stupid questions that can be answered by reading the BNF in 
pf.conf(5), a tad bit of Google, Y!, or wikipedia or simple human sense.

I still encourage questions, even simple ones - but one should be able to 
take a hint.  If you want somebody to do it for you, you usually pay for 
that service!

> QUESTION #2
> and it doesn't like the CIDR netmask in line 22. Someone suggested I
> research the archives concerning the latter "where this known problem
> was already discussed" but I found nothing. Would someone care to help
> me with these problems now?

Daniel supplied the pointer to one (of several) threads on this matter 
above.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
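To make the in-place expansion described above concrete, here is an added Python sketch (not from this thread and not pf's own code) that expands pf.conf-style macro definitions the way pfctl's parser joins them, flags the nested braces that line 16 produces, and shows the flat list pf would accept instead. The sample definitions are copied from the quoted pf.conf; the expander only handles the quoted-string, bare-word and $macro pieces seen there.

```python
import re

# Constructed sample: the macro definitions quoted in the thread (subset),
# with the wrapped line 16 joined back onto one line.
SAMPLE = '''
ssh_ports="22"
ftp_ports="21 8021 7021"
http_ports="80 8080 7080"
https_ports="443"
imap_ssl_ports="993 143"
all_http_ports="{" $http_ports $https_ports "}"
tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
'''

MACRO_DEF = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$')
# A definition's right-hand side is a run of "quoted strings", $macro
# references and bare words; pfctl concatenates them with single spaces.
PIECE = re.compile(r'"([^"]*)"|\$([A-Za-z_][A-Za-z0-9_]*)|([^\s"$]+)')


def expand_macros(text):
    """Expand macro definitions in order, substituting earlier macros in place.
    Returns {name: expanded string}; raises if a macro is used before it exists."""
    macros = {}
    for line in text.splitlines():
        m = MACRO_DEF.match(line)
        if not m:
            continue
        name, rhs = m.groups()
        parts = []
        for quoted, ref, word in PIECE.findall(rhs):
            if ref:
                if ref not in macros:
                    raise ValueError(f"macro '{ref}' used before definition")
                parts.append(macros[ref])
            else:
                parts.append(quoted or word)
        macros[name] = " ".join(parts)
    return macros


def nested_braces(value):
    """True when one {...} list sits inside another, which pf's grammar rejects."""
    depth = 0
    for ch in value:
        if ch == "{":
            depth += 1
            if depth > 1:
                return True
        elif ch == "}":
            depth -= 1
    return False


def flatten_list(value):
    """Rewrite a nested list as the single flat {...} list pf does accept."""
    items = [t for t in value.split() if t not in ("{", "}")]
    return "{ " + " ".join(items) + " }"
```

Running expand_macros(SAMPLE)["tcp_ports"] reproduces the expanded line 16 shown above, and flatten_list() on it gives the one-level list that loads.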