Hi,
$ext_if   - expands to the name of the interface
($ext_if) - expands to the IP address assigned to the interface

On 06.06.18 12:21, Johan Mellberg wrote:
Hi,

I am working my way through "The Book of Pf" and got hung up on the
example on page 31 of edition 3 (I am reading edition 2 but the
example seems to be identical in edition 3):

ext_if = "re0" # macro for external interface - use tun0 or pppoe0 for PPPoE
int_if = "re1" # macro for internal interface
localnet = $int_if:network
# ext_if IPv4 address could be dynamic, hence ($ext_if)
match out on $ext_if inet from $localnet nat-to ($ext_if) # NAT, match IPv4 only
block all
pass from { self, $localnet }

So, what it does is not a problem, I understand that, but that set of
parentheses around $ext_if confuses me. The explanation states that
the IPv4 address could be dynamic (which is clear...) but I look at
that example and as far as I understand, $ext_if should expand to
"re0", not an IP address - right?

Just to test I tried a simple line in my own pf.conf (on OpenBSD 6.3):

ext_if = "em0"
set skip on $ext_if

and tested with pfctl -nvf /etc/pf.conf

That worked so then I put parentheses around $ext_if:

set skip on ($ext_if)

and tested again. This time I got a syntax error!

So could someone please explain this to me? I don't think this is an
error in the book because there is a small paragraph apart from the
comment in the example specifically pointing out the value of these
parentheses - but I can't wrap my head around it. Any help
appreciated!

Sincerely, Johan
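
The distinction discussed in this thread, as an added pf.conf example that is not part of the original messages or the book. The interface names em0 and em1 and the ssh rule are assumptions chosen for illustration.

```pf
# Added example (constructed). em0/em1 are assumed interface names.
ext_if = "em0"
int_if = "em1"
localnet = $int_if:network

# Macros are plain text substitution: $ext_if becomes em0 everywhere.
# What em0 then means depends on where it appears in the rule.

# Interface position ("set skip on", "on"): only an interface or
# interface group name is accepted, so parentheses are a syntax error.
set skip on lo
# set skip on ($ext_if)    # rejected by pfctl -nvf, as seen in the thread

# Address position without parentheses: em0 is resolved to its
# address(es) once, when the ruleset is loaded. If the address later
# changes (DHCP renewal, PPPoE reconnect), the loaded rule still
# carries the old address until the ruleset is reloaded.
# match out on $ext_if inet from $localnet nat-to $ext_if

# Address position with parentheses: pf tracks the interface and
# updates the rule whenever its address changes, with no reload.
match out on $ext_if inet from $localnet nat-to ($ext_if)

block all
pass from { self, $localnet }

# The same applies to filter rules. A pass rule written with a bare
# $ext_if as destination would stop matching after an address change;
# the parenthesised form keeps following the interface.
pass in on $ext_if inet proto tcp to ($ext_if) port ssh
```

As in the original message, `pfctl -nvf /etc/pf.conf` parses the file without loading it, which is enough to confirm which positions accept the parenthesised form.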

