Re: pfctl : recursive parsing of groups

On Sun, 30 Mar 2003, Stephen Samuel wrote:

> for pfctl's parsing of pf and nat rules, a grouping is currently

In 3.3 the , will be optional. From pf.conf(5)

     ifspec         = ( [ ! ] interface-name ) | { interface-list }
     interface-list = [ ! ] interface-name [ [ , ] interface-list ]

There's also a new example how to use macros: MACROS
   Much like cpp(1) or m4(1), macros can be defined that will later be ex-    panded in context. Macro names must start with a letter, and may contain    letters, digits and underscores. Macro names may not be reserved words    (for example pass, in, out). Macros are not expanded inside quotes.

   For example,

        ext_if = "kue0"
        all_ifs = "{" $ext_if lo0 "}"
        pass out on $ext_if from any to any keep state
        pass in  on $ext_if proto tcp from any to any port 25 keep state

> The reason for this is that I ran into a situation where I

If you define your macros like this

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

   ext = "xl0"
   int = "xl1 xl2"
you can write it the above rule lik this

   block in log on { $int $ext } proto udp from any port 2002 to any port 2002

> My workaround was:

I guess your problem is already fixed in 3.3.

Cheers,

Dries

--
Dries Schellekens
email: gwyllion@ulyssis.org