I am running into some trouble with recursive macro expansion, here is
the pf.conf that shows what I am seeing.
--- pf.conf ---
# I am having some trouble with pfctl and recursive macros. I was
# hoping to use nested lists, and that is where I noticed these issues.
# I sure wish nested lists worked.
hosts = '"192.168.1.0/24" "192.168.2.0/24"'
ports = "http https"
host_list = "{" $hosts "}"
port_list = "{" $ports "}"
single_host = "192.168.1.1"
single_port = "http"
# A macro that is nested but does not contain {} works
end_01 = "proto tcp from {" $hosts "} to any port {" $ports "}"
pass $end_01
# And rules containg macros that have {} work
pass proto tcp from $host_list to any port $port_list
# This is to show that rules work with unquoted macros at the end
# as well as the same syntax as the next rule that fails
end_02 = "proto tcp from " $single_host " to any port " $single_port
pass $end_02
# If a macro is recursive and contains {} it doesn't work
end_03 = "proto tcp from " $host_list " to any port " $port_list
pass $end_03
--- pf.conf ---
I am not sure if this is expected or if I am quoting incorrectly or if
something is actually broken. I did read through the archives and see
some suggestions on quoting CIDR notation, but I didn't see anything
about {} in recursive macros.
Does anyone have any idea why the end_03 macro gives a "syntax error"?
l8rZ,
--
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
BOFH excuse of the day: global warming
