Hello misc,
Recursive macros which include macros containing certain specific
characters cause syntax errors.
Steps
$ cat pftemp.conf
forwardslash = "100/10"
#forwardslashrecursive = $forwardslash
number = "100"
numberrecursive = $number
string = "keep"
#stringrecursive = $string
ip = "0.0.0.0"
iprecursive = $ip
interface = "em0"
interfacerecursive = $interface
pass in on $interfacerecursive proto tcp from $iprecursive \
$string state \
(max-src-conn $numberrecursive, max-src-conn-rate $forwardslash)
$ pfctl -nf pftemp.conf
The above pf.conf is validated successfully by pfctl. However, removing
the comments from the recursive versions of forwardslash and string
macros cause syntax errors upon validation with pfctl.
Interestingly, not all macros containing number+character combinations
and strings get rejected by pfctl. In the above example, ip and
interface macros can be successfully used in a recursive macro.
Am I correct in drawing these conclusions? If yes, is there a listing
of these specific characters, which are allowed in recursive macros?
Regards,
ab
---------|---------|---------|---------|---------|---------|---------|--
