On Fri, Jul 16, 2010 at 09:27:16AM +0200, Sebastiaan van Erk wrote:
> Hi,
>
> I am a very happy user of PF, so first of all, thanks for the
> wonderful software!
>
> I do have a feature request though; consider the following example
> from the man page:
>
> ips = "{ 1.2.3.4, 1.2.3.5 }"
> pass in proto tcp from any to $ips \
> port > 1023 label "$dstaddr:$dstport"
>
> I love the list feature: it allows me to use the same ruleset over
> multiple machines, doing the customization in the lists. However, if
> you happen to have an empty list:
>
> ips = "{ }"
>
> then you get a parse error. It would be very useful if this would
> just work. The expected behavior would the be that pf not generate
> any rules at all in this case (one rule for every ip in the list = 0
> rules).
How about using a table instead? Can be empty, can be easily modified on
the fly, is faster when you have a long list of IPs, can be stored in
external file.
> Best regards,
> Sebastiaan van Erk
--
viq
[demime 1.01d removed an attachment of type application/pgp-signature]
