Never Ask Questions On A Friday Afternoon
Michal Mertl
mime at traveller.cz
Mon Aug 21 23:12:21 UTC 2006
beno wrote:
> Max Laier wrote:
> > printf 'list="{ 10/8, 192.168.0/24 }"\npass from $list to any\n' |
> > pfctl -nvf-
> >
> > list = "{ 10/8, 192.168.0/24 }"
> > pass inet from 10.0.0.0/8 to any
> > pass inet from 192.168.0.0/24 to any
> >
> I'm sure I misunderstand. Here is *my* code:
>
> shinjiru_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8"
> directv_ip_addresses="{ 69.19.0.0/17 }"
> shadday_ip_addresses=""
> ssh_ip_addresses="{" $shinjiru_ip_addresses $directv_ip_addresses
> $shadday_ip_addresses "}"
>
> The parser throws an error on the last line because it won't render
> $directv_ip_addresses
> Now, I could do something really ugly like this:
>
> ssh_ip_addresses="202.71.102.114 202.71.100.126 202.71.106.30
> 202.71.106.118 202.71.106.188 203.142.1.8 69.19.0.0/17 "
>
> and just say the hell with it, but I'd like to write elegant code...
> TIA,
> beno
This (whole config file to pass info pfctl -f) works:
--
directv_ip_addresses="69.19.0.0/17"
sh_ip_addresses="{ $directv_ip_addresses }"
--
and this doesn't:
--
directv_ip_addresses="69.19.0.0/17"
sh_ip_addresses="{" $directv_ip_addresses "}"
--
This is exactly the kind of problem which drives me crazy but we
probably have to accept the way a particular parser works. For the
record - the parser, which I had similar "stupid" issues with, was from
a different product.
HTH
Michal
More information about the freebsd-pf
mailing list