This is accepted by the pfclt compiler just fine:
http_ports="80 8080 7080"
ssh_ports="22"
ftp_ports="21 8021 7021"
smtp_ports="25"
pop3_ports="110"
https_ports="443"
imap_ssl_ports="993 143"
squid_ports="3128"
mysql_ports="3306"
email_ports='"{' $smtp_ports $pop3_ports '}"'
all_http_ports='"{' $http_ports $https_ports '}"'
tcp_ports= "{" $ssh_ports $ftp_ports $all_http_ports $imap_ssl_ports "}"
However, this line throws errors:
pass in quick inet proto tcp from any to $web_server port $tcp_ports
flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce>
flush global)
If I replace "$tcp_ports" with "$ssh_ports" it works. Just throws a
syntax error.
If I replace "$tcp_ports" with "$ftp_ports" it does not work, but if I
change that to "{ $ftp_ports }" it does work. Why??
If I replace "$tcp_ports" with "$all_http_ports" it doesn't work. Says
it doesn't recognize ports 80, 7080, 8080 or 443. Now, 443 isn't being
used yet, so I removed that port. Raised the same error. Removed all but
80. Same thing. Curly braces didn't help me here.
Reading the tutorial says this:
Here is an example of a list:
block out on fxp0 from { 192.168.0.1, 10.5.32.6 } to any
Here is an example of a macro:
friends = "{ 192.168.1.1, 10.0.2.5, 192.168.43.53 }"
Notice the curly braces on the macro. I can't get those to work, but it
seems to accept my macros without curly braces. Perhaps that is unique
to OpenBSD. Perhaps its outdated. Dunno. However, *that* is *all* the
information the tutorial has on the subject (you may look here in the
chapter appropriately entitled "Lists and Macros" to verify:
http://www.openbsd.org/faq/pf/macros.html ), so I presume the only other
source is, unfortunately, this most generous list.
TIA,
beno
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
