Ben Hughes wrote:
|
| place1 = "10.0.0.1"
| place2 = "10.0.0.2"
| all_places = "{" $place1 $place2 "}"
| pass all
|
|
| It'd be really useful if I could expand macros with subnets in, save
| duplicating IP blocks all over the ruleset. Is this a bug with me or
| pfctl?
I've seen this kind of notation ("{" $... ) many times on the list and
think it's ugly and hard to read.
In your case I use:

    place1 = "10.0.0.1"
    place2 = "10.0.0.2"
    all_places = "$place1 $place2"

Notice I don't have any curly braces to make a list.
Then in my rules I write:

    pass in proto udp from $place1 to any
    pass in proto tcp from { $all_places } to any

This way I get the benefit of macro expansion without having to look at
the top of my pf.conf to see if I'm working with a list or not. I also
never seem to run into the kind of problem you described.
Cheers,
-Dave
--
Dave Mangot
DHAP Digital, Inc. http://www.dhapdigital.com/
San Francisco, CA 415.962.4891