On Fri, 2004-10-08 at 08:08, Ben Hughes wrote:
> Hello,
>
> I'm having some grief with the macro parser of pf and wondering if
> I've either done something dumb or am expecting too much from it.
>
> I have, for the sake of simplicity, the following ruleset:
>
> place1 = "10.0.0.1"
> place2 = "10.0.0.2"
> all_places = "{" $place1 $place2 "}"
> pass all
>
> That loads into pf fine.
>
> However, if I make the places be subnets, e.g.:
>
> place1 = "10.0.0.1/32"
> place2 = "10.0.0.2/32"
> all_places = "{" $place1 $place2 "}"
> pass all
>
> I get:
>
> openbsd# pfctl -n -f ./testpf.conf
> ./testpf.conf:3: syntax error
>
> It'd be really useful if I could expand macros with subnets in, save
> duplicating IP blocks all over the ruleset. Is this a bug with me or
> pfctl?
>
> Thanks.

This has been covered in the archives several times. You need extra
quotes, as in:

net1 = '"172.16.0.0/12"'
net2 = '"192.168.0.0/16"'
net3 = '"10.0.0.0/8"'
rfc1918 = "{" $net1 $net2 $net3 "}"
block from $rfc1918

-j
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
The Celts invented two things, Whiskey and self-destruction.
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
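
Added example, not part of the mail thread and not pfctl's code: a simplified Python model of why the subnet macros fail on line 3 and why the extra quotes help. It assumes expanded macro text is lexed again, that "/" cannot be part of an unquoted word, and that a macro's right-hand side must consist of string tokens only; `lex` and `first_bad_macro` are hypothetical names.

```python
import re

# Simplified model (an assumption, not pfctl's source): expanded macro text is
# lexed again, "/" cannot be part of an unquoted word, and the right-hand side
# of "name = ..." must consist of string tokens only.
TOKEN = re.compile(r'''\s*(?:"([^"]*)"|'([^']*)'|(\$\w+)|([^\s"'/={}$]+)|(\S))''')

def lex(text, macros):
    """Yield (kind, value) tokens, lexing the text of each $macro again."""
    for dq, sq, ref, word, punct in TOKEN.findall(text):
        if ref:
            yield from lex(macros[ref[1:]], macros)
        elif punct:
            yield ("PUNCT", punct)
        else:
            yield ("STRING", dq or sq or word)

def first_bad_macro(ruleset):
    """Return the 1-based line of the first rejected macro definition, or None."""
    macros = {}
    for lineno, line in enumerate(ruleset.strip().splitlines(), 1):
        name, eq, rhs = line.partition("=")
        if not eq:
            continue  # a filter rule; this model only checks macro definitions
        tokens = list(lex(rhs, macros))
        if any(kind != "STRING" for kind, _ in tokens):
            return lineno
        # The stored value loses one level of quoting, as in the thread's fix.
        macros[name.strip()] = " ".join(value for _, value in tokens)
    return None

# The three rulesets quoted in the thread.
PLAIN = """
place1 = "10.0.0.1"
place2 = "10.0.0.2"
all_places = "{" $place1 $place2 "}"
pass all
"""
SUBNET = PLAIN.replace('.1"', '.1/32"').replace('.2"', '.2/32"')
QUOTED = """
net1 = '"172.16.0.0/12"'
net2 = '"192.168.0.0/16"'
net3 = '"10.0.0.0/8"'
rfc1918 = "{" $net1 $net2 $net3 "}"
block from $rfc1918
"""

if __name__ == "__main__":
    for label, rules in (("plain", PLAIN), ("subnet", SUBNET), ("quoted", QUOTED)):
        print(label, first_bad_macro(rules))
```

In this model the outer single quotes keep the inner double quotes as part of the macro's value, so the address and its "/" arrive as one quoted string when `$net1` is expanded.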