Another Lists/Macros Question

Remko Lodder remko at FreeBSD.org
Tue Aug 22 21:25:33 UTC 2006


beno wrote:
> This is accepted by the pfctl compiler just fine:
> 
> http_ports="80 8080 7080"
> ssh_ports="22"
> ftp_ports="21 8021 7021"
> smtp_ports="25"
> pop3_ports="110"
> https_ports="443"
> imap_ssl_ports="993 143"
> squid_ports="3128"
> mysql_ports="3306"
> email_ports='"{' $smtp_ports $pop3_ports '}"'
> all_http_ports='"{' $http_ports $https_ports '}"'
> tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
> 
> However, this line throws errors:
> 
> pass in quick inet proto tcp from any to $web_server port $tcp_ports
> flags S/SA keep state \
>    (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
> flush global)
> 
> If I replace "$tcp_ports" with "$ssh_ports" it works. Just throws a
> syntax error.
> If I replace "$tcp_ports" with "$ftp_ports" it does not work, but if I
> change that to "{ $ftp_ports }" it does work. Why??
> If I replace "$tcp_ports" with "$all_http_ports" it doesn't work. Says
> it doesn't recognize ports 80, 7080, 8080 or 443. Now, 443 isn't being
> used yet, so I removed that port. Raised the same error. Removed all but
> 80. Same thing. Curly braces didn't help me here.
> 
> Reading the tutorial says this:
> 
> Here is an example of a list:
> block out on fxp0 from { 192.168.0.1, 10.5.32.6 } to any
> Here is an example of a macro:
> friends = "{ 192.168.1.1, 10.0.2.5, 192.168.43.53 }"
> 
> Notice the curly braces on the macro. I can't get those to work, but it
> seems to accept my macros without curly braces. Perhaps that is unique
> to OpenBSD. Perhaps it's outdated. Dunno. However, *that* is *all* the
> information the tutorial has on the subject (you may look here in the
> chapter appropriately entitled "Lists and Macros" to verify:
> http://www.openbsd.org/faq/pf/macros.html ), so I presume the only other
> source is, unfortunately, this most generous list.
> TIA,
> beno

Dude,

You really should start _reading_ and _understanding_ what people
tell you.  I think this is the same problem as you raised before.
Please look at those messages for more support.

Now again: read the docs and solve your problem.

Thanks,
remko

-- 
Kind regards,

    Remko Lodder  ** remko at elvandar.org
         FreeBSD  ** remko at FreeBSD.org

