On Friday 08 October 2004 15:43, Ben wrote:
> On Fri, Oct 08, 2004 at 08:53:11AM -0400, Jason Opperisano wrote:
> > > It'd be really useful if I could expand macros with subnets in, save
> > > duplicating IP blocks all over the ruleset. Is this a bug with me or
> > > pfctl?
> >
> > this has been covered in the archives several times. you need extra
> > quotes, as in:
>
> Ah, fantastic, thanks. I had a look around tut website and manpages,
> perhaps adding this to the FAQ or manpage would stop people like me in
> future.

How about this diff?

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Index: pf.conf.5
===================================================================
RCS file: /usr/store/mlaier/ocvs/src/share/man/man5/pf.conf.5,v
retrieving revision 1.301
diff -u -r1.301 pf.conf.5
--- pf.conf.5 21 Sep 2004 16:59:11 -0000 1.301
+++ pf.conf.5 8 Oct 2004 16:19:04 -0000
@@ -100,6 +100,18 @@
pass out on $ext_if from any to any keep state
pass in on $ext_if proto tcp from any to any port 25 keep state
.Ed
+.Pp
+Note that there is a parser problem with recursive macros and netmask
+specifications.
+In order to use network specifying macros recursively you must double quote
+them.
+.Pp
+For example,
+.Bd -literal -offset indent
+net1 = \&"\&'10/8\&'\&"
+net2 = \&"\&'192.168.0/24\&'\&"
+nets = \&"{\&" $net1 $net2 \&"}\&"
+.Ed
.Sh TABLES
Tables are named structures which can hold a collection of addresses and
networks.
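
Review bot: "double quote them" in the added paragraph is ambiguous, because it can be read as "wrap them in double-quote characters", while the example for net1 and net2 nests single quotes inside double quotes. Suggest wording such as "quote them twice, with single quotes inside double quotes", and stating that this applies to the macros that carry a netmask (net1 and net2), since nets is quoted differently in the same example. "network specifying macros" would also read better hyphenated, and a rule line that references $nets after the example would show the expanded list actually being used.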
