combining macro with interface modifiers in pf.conf

Sat, 25 Jan 2020 02:45:19 -0800 

Hi all,

I'm rewriting some pf.conf rulesets and thought to use interface
modifiers to make them more generic.  Here's an example of what I came
up with:

block in on $IntIF inet proto { tcp, udp } from $IntIF:network to ! $IntIF:0 
port domain
block in on $IntIF inet6 proto { tcp, udp } from $IntIF:network to ! $IntIF:0 
port domain

These rules force users to use the local recursor for DNS lookups.
However, pfctl complains about syntax errors on both lines.  Replacing
the $IntIF:network and $IntIF:0 with em1:network and em1:0 solves the
syntax errors.  From pf.conf(5), it's not quite clear to me that it
isn't allowed to combine macros with interface modifiers.  On macros
it says:

> Macros can be defined that will later be expanded in context.  Macro
> names must start with a letter, digit, or underscore, and may
> contain any of those characters.  Macro names may not be reserved
> words (for example pass, in, out).  Macros are not expanded inside
> quotes.

and on modifiers:

> Interface names, interface group names, and self can have modifiers
> appended:

To me that suggests you can combine a macro with a modifier.  Am I
missing something obvious?  Is there a way to achieve this?

Thanks,

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/                 


OpenBSD 6.6-current (GENERIC.MP) #603: Mon Jan 13 13:21:42 MST 2020
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8478527488 (8085MB)
avail mem = 8209100800 (7828MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xec120 (49 entries)
bios0: vendor American Megatrends Inc. version "5.11" date 07/20/2018
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG SSDT SSDT SSDT UEFI LPIT CSRT
acpi0: wakeup devices SIO1(S0) BRC1(S0) XHC1(S4) HDEF(S4) RP01(S4) PXSX(S4) 
RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J3060 @ 1.60GHz, 1600.39 MHz, 06-4c-04
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 80MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Celeron(R) CPU J3060 @ 1.60GHz, 1600.03 MHz, 06-4c-04
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 2, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 115 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe0000000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C3(10@1000 mwait.1@0x64), C2(10@500 mwait.1@0x58), C1(1000@1 
mwait.1), PSS
acpicpu1 at acpi0: C3(10@1000 mwait.1@0x64), C2(10@500 mwait.1@0x58), C1(1000@1 
mwait.1), PSS
acpipwrres0 at acpi0: ID3C, resource for ISP3
acpipwrres1 at acpi0: CLK0, resource for CAMD
acpipwrres2 at acpi0: CLK0, resource for CAM1
acpipwrres3 at acpi0: CLK1, resource for CAM2, CAM3
acpipwrres4 at acpi0: USBC, resource for XHC1
acpipwrres5 at acpi0: FN00, resource for FAN0
acpitz0 at acpi0: critical temperature is 95 degC
acpicmos0 at acpi0
acpipci0 at acpi0 PCI0: 0x00000004 0x00000011 0x00000001
extent `acpipci0 pcibus' (0x0 - 0xff), flags=0
extent `acpipci0 pciio' (0x0 - 0xffffffff), flags=0
     0x70 - 0x77
     0xcf8 - 0xcff
     0x10000 - 0xffffffff
extent `acpipci0 pcimem' (0x0 - 0xffffffffffffffff), flags=0
     0x0 - 0x9ffff
     0x100000 - 0xafffffff
     0xe0000000 - 0xffffffffffffffff
"BCM2E64" at acpi0 not configured
"BCM4752" at acpi0 not configured
"SMO91D0" at acpi0 not configured
"INTCF1C" at acpi0 not configured
acpibtn0 at acpi0: SLPB
"PNP0C0B" at acpi0 not configured
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
cpu0: using VERW MDS workaround
cpu0: Enhanced SpeedStep 1600 MHz: speeds: 1601, 1600, 1520, 1440, 1360, 1280, 
1200, 1120, 1040, 960, 880, 800, 720, 640, 560, 480 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Braswell Host" rev 0x35
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x35
drm0 at inteldrm0
inteldrm0: msi
ahci0 at pci0 dev 19 function 0 "Intel Braswell AHCI" rev 0x35: msi, AHCI 1.3.1
ahci0: port 0: 6.0Gb/s
ahci0: PHY offline on port 1
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 860, RVT4> naa.5002538e49628798
sd0: 476940MB, 512 bytes/sector, 976773168 sectors, thin
xhci0 at pci0 dev 20 function 0 "Intel Braswell xHCI" rev 0x35: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 
addr 1
"Intel Braswell TXE" rev 0x35 at pci0 dev 26 function 0 not configured
azalia0 at pci0 dev 27 function 0 "Intel Braswell HD Audio" rev 0x35: msi
azalia0: codecs: Realtek ALC662
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel Braswell PCIE" rev 0x35: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 
00:e0:67:15:cc:6c
ppb1 at pci0 dev 28 function 1 "Intel Braswell PCIE" rev 0x35: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 
00:e0:67:15:cc:6d
pcib0 at pci0 dev 31 function 0 "Intel Braswell PCU LPC" rev 0x35
ichiic0 at pci0 dev 31 function 3 "Intel Braswell SMBus" rev 0x35: apic 1 int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM PC3-12800 SO-DIMM
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
uhub1 at uhub0 port 3 configuration 1 interface 0 "Terminus Technology USB 2.0 
Hub [MTT]" rev 2.00/1.00 addr 2
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (373c25ceb4cfd4f6.a) swap on sd0b dump on sd0b
inteldrm0: 1024x768, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
umass0 at uhub0 port 9 configuration 1 interface 0 "JMicron USB 3.1 Storage 
Device" rev 3.20/31.02 addr 3
umass0: using SCSI over Bulk-Only
scsibus4 at umass0: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0: <INTEL SS, DPEKNW020T8, 3102> 
serial.152d0583456789ABCDEF
sd1: 1953514MB, 512 bytes/sector, 4000797360 sectors
sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
sd2: 1894406MB, 512 bytes/sector, 3879745103 sectors

Reply via email to