Hi Phil,

I noticed some variable expansion code a couple of days ago
(in ipf/tools/ipf.c?), and there's "assign:" and "assignment:"
expansions in all of the ipf/tools/ip*_y.y yacc files:

ipf_y.y
ipmon_y.y
ipnat_y.y
ippool_y.y
ipscan_y.y

Looks like the ip*.conf file macro/variable definition syntax is:

    variable = string ;

and to expand/reference a macro/variable value:

    $variable

Similar to basic shell environment variable usage;
no parameters or M4-ness, and I don't recall noticing
whether recursive expansions would work or not,
but I assume they would - I _think_ the resulting
strings were rescanned.

Probably quite useful for readable IP addresses/ranges,
common rule elements (i.e. kf=keep state keep frags; $ks).

Also noticed group names and pool names look like they
can be at least 15 (31?) character alphanumeric strings
(based on the same length as a network interface name),
rather than just numbers -- a nice readability improvement.

Rgds, Stuart.


p.s. I was actually trying to figure out ndd -set /dev/pfil xxx
for xxx in qif_ipmp_set and pfil_hl at the time; pretty sure
I've got it, but may post a question or two in a day or so;
thinking of writing an IPMP+PFIL description, particularly
as I'll have to document our use of it at work anyway.


Stuart Remphrey
RMIT ITS Infrastructure Services - Unix Systems
Phone (03) 992 55 070  (or extension 55070)

>>> Phil Dibowitz <[EMAIL PROTECTED]> 04/07/07 6:53 PM >>>
Darren,

In WhatsNew40.txt you mention that ipf.conf and ipnat.conf now support
basic macros... but I don't see anywhere that provides the syntax for
this. What is the syntax for this?

Once I know, I'll add it to the FAQ, but it should probably go in ipf(5)
as well.

Thanks,
-- 
Phil Dibowitz                             [EMAIL PROTECTED]
Open Source software and tech docs        Insanity Palace of Metallica
http://www.phildev.net/                   http://www.ipom.com/

"Never write it in C if you can do it in 'awk';
 Never do it in 'awk' if 'sed' can handle it;
 Never use 'sed' when 'tr' can do the job;
 Never invoke 'tr' when 'cat' is sufficient;
 Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming

