Re: pfctl : recursive parsing of groups

From: Stephen Samuel <samuel(at)bcgreen.com>
Date: Mon Mar 31 2003 - 11:47:19 EST

Dries Schellekens wrote:
> On Sun, 30 Mar 2003, Stephen Samuel wrote:

>> for pfctl's parsing of pf and nat rules, a grouping is currently
>> defined as
>>   group ::= NAME | '{' NAME [ , NAME ...] '}'
>>   How difficult would it be to define it a
>>   group ::= NAME | '{' group [ , group ...] '}'

(I guess it would properly be
  ifspec = [ ! ] ( interface-name | interface-group )   interface-group = { interface-list }
  interface-list = interface-name [ [,] ( interface-group | interface list ) ] )

> If you define your macros like this

It seems doable, but it leaves you with the choice of having braces around _any_ macro reference or you losing the orthogonality capability.

(in most cases, I use only one of $int and $ext)

Like I originally pointed out, there are already work-arounds. I'm just looking for a definition that gives a user generality with the fewest surprises -- but without overly increasing the coding requirements.

---

In this case, I redid the not syntax... The reason why is that I came up with a second question: what would be the semantics of   { !xl0 !xl1 } ?
It seems to me that it would logically be either everything or nothing. { !xl0 !xl1 xl2 } would seem to be even less sensical (but legal). ! { xl0 xl1 } makes more sense to me (semantically)

-- 
Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
		   
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.

Received on Mon Mar 31 11:49:31 2003