I have been using cpp on my firewall to expand my local firewall rules and fill
in the local address and subnetmask. This makes things easier my ISP decides to
change my IP address using DHCP. My firewall is running an approximately one
year old version of current and I'm trying to upgrade it to a recent version.
I am running ipfw as "ipfw -p /usr/bin/cpp -Daddr=value1 -Dmask=value2 file".
My firewall rules have been using constructs similar to the following if put in
a file.
#define addr 192.168.2.5
#define mask 255.255.254.0
add pass tcp from addr:mask to any 25 setup
On the old version of current this expands to
add pass tcp from 192.168.2.5:255.255.254.0 to any 25 setup
but on a new version of current this expands to
add pass tcp from 192.168.2.5 : 255.255.254.0 to any 25 setup
Note the extra spaces around the colon. Unfortunately, this breaks ipfw which
interprets the colon where it expects the "to".
There are several options here:
1) Fix cpp to not emit the extra spaces
2) Fix ipfw to handle addresses being multiple arguments
3) Document the cpp is not a valid preprocessor for ipfw on the manual page.
Option 1 seems like it might be a little difficult. Option 2 looks to be
reasonably simple to implement after reading the code. Option 3 is the easiest,
but I believe it is the wrong way to handle the problem.
I can submit patches for 2 or 3 reasonably quickly. I have no idea about fixing
cpp.
Jim Bloom
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
