The branch main has been updated by imp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=54f278caf37f9ab578ee58fc70c7b66446ea7e84
commit 54f278caf37f9ab578ee58fc70c7b66446ea7e84
Author: Quentin Thébault <quentin.theba...@defenso.fr>
AuthorDate: 2024-11-07 06:13:05 +0000
Commit: Warner Losh <i...@freebsd.org>
CommitDate: 2025-06-13 01:21:45 +0000
pf.conf.5: additional quoting for ranges in lists
When defining network address ranges in macros that will later be used
as items in list macro, these ranges must be quoted with additiona
simple quotes.
For instance, the following does not work and is rejected as a syntax
error:
usr = "192.168.1.0/24"
srv = "192.168.2.10 - 192.168.29"
nat_ranges = "{" $usr $srv "}"
Defining ranges as the following instead will work:
usr = "'192.168.1.0/24'"
srv = "'192.168.2.10 - 192.168.29'"
MFC after: 3 days
Reviewed by: imp, ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1516
---
share/man/man5/pf.conf.5 | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index a9fd9e8b29e1..30d0e4ca9904 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -100,6 +100,8 @@ Macro names may not be reserved words (for example
.Ar in ,
.Ar out ) .
Macros are not expanded inside quotes.
+Ranges of network addresses used in macros that will be expanded in lists
+later on must be quoted with additional simple quotes.
.Pp
For example,
.Bd -literal -offset indent
@@ -107,6 +109,11 @@ ext_if = \&"kue0\&"
all_ifs = \&"{\&" $ext_if lo0 \&"}\&"
pass out on $ext_if from any to any
pass in on $ext_if proto tcp from any to any port 25
+
+usr_lan_range = "'192.0.2.0/24'"
+srv_lan_range = "'198.51.100.0 - 198.51.100.255'"
+nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&"
+nat on $ext_if from $nat_ranges to any -> ($ext_if)
.Ed
.Sh TABLES
Tables are named structures which can hold a collection of addresses and
