Hi Phil,
I noticed some variable expansion code a couple of days ago
(in ipf/tools/ipf.c?), and there's "assign:" and "assignment:"
expansions in all of the ipf/tools/ip*_y.y yacc files:
ipf_y.y
ipmon_y.y
ipnat_y.y
ippool_y.y
ipscan_y.y
Looks like the ip*.conf file macro/variable definition syntax is:
variable = string ;
and to expand/reference a macro/variable value:
$variable
Similar to basic shell environment variable usage;
no parameters or M4-ness, and I don't recall noticing
whether recursive expansions would work or not,
but I assume they would - I _think_ the resulting
strings were rescanned.
Probably quite useful for readable IP addresses/ranges,
common rule elements (ie kf=keep state keep frags; $ks).
Also noticed group names and pool names look like they
can be at least 15 (31?) character alphanumeric strings
(based on the same length as a network interface name),
rather than just numbers -- a nice readability improvement.
Rgds, Stuart.
p.s. I was actually trying to figure out ndd -set /dev/pfil xxx
for xxx in qif_ipmp_set and pfil_hl at the time; pretty sure
I've got it, but may post a question or two in a day or so;
thinking of writing a IPMP+PFIL description, particularly
as I'll have to document our use of it at work anyway.
Stuart Remphrey
RMIT ITS Infrastructure Services - Unix Systems
Phone (03) 992 55 070 (or extension 55070)
>>> Phil Dibowitz <[EMAIL PROTECTED]> 04/07/07 6:53 PM >>>
Darren,
In WhatsNew40.txt you mention that ipf.conf and ipnat.conf now support
basic
macros... but I don't see anywhere that provides the syntax for this.
What
is the syntax for this?
Once I know, I'll add it to the FAQ, but it should probably go in ipf(5)
as
well.
Thanks,
--
Phil Dibowitz [EMAIL PROTECTED]
Open Source software and tech docs Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/
"Never write it in C if you can do it in 'awk';
Never do it in 'awk' if 'sed' can handle it;
Never use 'sed' when 'tr' can do the job;
Never invoke 'tr' when 'cat' is sufficient;
Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming
