Hey guys,
I have what I hope is a simple syntax question for pf rules. I have not been
able to find any example of this online or in the man pages. I suspect it is
perhaps not possible.
Basically I want to allow out certain web services, with a simple rule like
below:
pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any
My trouble is with the $ports macro. Here's what I am trying to do:
$common= '"{80,443,465,587,993}"'
$games= '"{5222,7778,28900}"'
$ports= "{" $common $games "}"
NOTE: In my real config the macros are above the rule, and I have tried with and
without enclosing the top two macros in the single quotes.
This way when I need to allow specific applications out, instead of having a
huge single macro where I will forget what the ports are for, I can have
smaller macros that I just add into the single macro which I use in the pf
rule. Instead of making a new rule for each application, I can just add to
the $ports macro.
pf however indicates that the $ports macro is not valid syntax.
Is this a syntax error on my part, or is this something pf cannot do? Totally
fine if the latter, I just want to make sure I am not missing something silly
with the syntax. :)
Warm regards,
Andrew
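
An added example, not part of the original message: one way to compose a port list from smaller macros, following the nested-macro pattern in pf.conf(5). The macro names and port numbers mirror the post; the rule assumes destination ports are what is meant to be matched.

```pf
# Added example (not from the original post).

# A macro is defined without the leading "$"; the "$" appears only where
# the macro is referenced.
# The per-application macros hold bare, space-separated ports with no
# braces of their own, so the combined macro expands to one flat list.
common = "80 443 465 587 993"
games  = "5222 7778 28900"

# Macros are not expanded inside quotes, so the braces are quoted strings
# and the macro references sit outside the quotes.
ports = "{" $common $games "}"

# Assumption: the intent is to match destination ports, so "port" follows
# "to any". In the post's rule "port" follows the source address, which
# matches the client's source port instead.
pass out on em0 proto tcp from 192.168.1.0/24 to any port $ports

# Parse-only check (nothing is loaded); -v prints the expanded rules:
#   pfctl -nvf /etc/pf.conf
```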