On Tue, Nov 15, 2005 at 04:22:25PM +0100, Moritz Grimm wrote: > Allowing lists to expand to no rules may or may not be easy, I don't > know -- yacc and pfctl's parser is way above my head ... so I'm just > dropping this idea here; maybe someone finds this useful as well and is > willing to provide a patch? :-P
It's kind of icky to add to the parser. Not so much the suppressing expansion part but adding special values for empty lists. We already (ab)use the values 0 and NULL meaning "any". It would require additional special values for the different kinds of parameters you may want to leave empty (host lists are not the same thing as port ranges, etc.). But that doesn't make it an unreasonable request, maybe there is an elegant implementation, I just haven't found it yet ;) Daniel
