On Sun, 28 Sep 2014 12:05:11 -0400, "System Administrator" <ad...@bitwise.net> wrote:
> On 28 Sep 2014 at 8:44, Andy Lemin wrote:
>
>>
>> > On 28 Sep 2014, at 05:00, "System Administrator" <ad...@bitwise.net>
>> > wrote:
>> >
>> >> On 27 Sep 2014 at 18:50, Andrew Lester wrote:
>> >>
>> >> Hey guys,
>> >>
>> >> I have what I hope is a simple syntax question for pf rules. I have
>> >> not been able to find any example of this online or in the man pages.
>> >> I suspect it is perhaps not possible. Basically I want to allow out
>> >> certain web services, with a simple rule like below:
>> >>
>> >> pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any
>> >>
>> >> My trouble is with the $ports macro. Here's what I am trying to do:
>> >>
>> >> $common= '"{80,443,465,587,993}"'
>> >> $games= '"{5222,7778,28900}"'
>> >>
>> >> $ports= "{" $common $games "}"
>> >>
>> >> NOTE: In my real config the macros are above the rule, and I have
>> >> tried with and without enclosing the top two macros in the single
>> >> quotes.
>> >
>> > Your problem is not with the quotes but with the braces -- only one
>> > set of braces is needed and accepted when defining a list.
>> >
>>
>> Or turn ports into a table and put the macros for each interesting set
>> of ports into the table, and use the table in the rule etc.
>
> Have you even tried this??? I'm quite certain that tables can only hold
> various forms of IP addresses and, accordingly, be used in place of
> source or destination *addresses* but not ports.

I must admit that now you say it, I don't think I have! I use tables to hold many different macros containing IP address groups etc, but not ports. Was pretty tired when I wrote that and didn't think to question it.

>
>> >> This way when I need to allow specific applications out, instead of
>> >> having a huge single macro where I will forget what the ports are
>> >> for, I can have smaller macros that I just add into the single macro
>> >> which I use in the pf rule. Instead of making a new rule for each
>> >> application, I can just add to the $ports macro.
>> >>
>> >> pf however indicates that the $ports macro is not valid syntax.
>> >>
>> >> Is this a syntax error on my part, or is this something pf cannot do?
>> >> Totally fine if the latter, I just want to make sure I am not missing
>> >> something silly with the syntax. :)
>> >>
>> >>
>> >> Warm regards,
>> >> Andrew
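
The single-set-of-braces advice quoted above, written out as a pf.conf fragment. This is an added example, not part of the thread or any poster's configuration: the macro names, interface and subnet are taken from the original question, and matching on the destination port is an assumption about the intent of "allow out certain web services".

```pf
# Added example, not from the thread.
# Macros are defined without a leading "$" and referenced with one.

# Component macros hold bare, space-separated port numbers:
# no braces and no commas, so they can be spliced into a list later.
common = "80 443 465 587 993"    # HTTP, HTTPS, SMTPS, submission, IMAPS
games  = "5222 7778 28900"       # game ports from the original question

# The only pair of braces is added here, around the expanded macros.
# Macros are not expanded inside quotes, so each brace is quoted on its own.
ports = "{" $common $games "}"

# Assumption: the ports are destination ports of outbound connections.
pass out on em0 proto tcp from 192.168.1.0/24 to any port $ports
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and adding `-v` prints the rules with the macros expanded, which shows whether the combined list came out as intended before anything is enforced.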