On 28 Sep 2014 at 8:44, Andy Lemin wrote:

> 
> > On 28 Sep 2014, at 05:00, "System Administrator" <[email protected]>
> > wrote:
> > 
> >> On 27 Sep 2014 at 18:50, Andrew Lester wrote:
> >> 
> >> Hey guys,
> >> 
> >> I have what I hope is a simple syntax question for pf rules. I have
> >> not been able to find any example of this online or in the man pages.
> >> I suspect it is perhaps not possible. Basically I want to allow out
> >> certain web services, with a simple rule like below:
> >> 
> >> pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any
> >> 
> >> My trouble is with the $ports macro. Here's what I am trying to do:
> >> 
> >> $common= '"{80,443,465,587,993}"'
> >> $games= '"{5222,7778,28900}"'
> >> 
> >> $ports= "{" $common $games "}"
> >> 
> >> NOTE: In my real config the macros are above the rule, and I have
> >> tried with and without enclosing the top two macros in the single
> >> quotes.
> > 
> > Your problem is not with the quotes but with the braces -- only one
> > set of braces is needed and accepted when defining a list.
> > 
> 
> Or turn ports into a table and put the macros for each interesting set
> of ports into the table, and use the table in the rule etc.

Have you even tried this??? I'm quite certain that tables can only hold 
various forms of IP addresses and, accordingly, be used in place of 
source or destination *addresses* but not ports.

> >> This way when I need to allow specific applications out, instead of
> >> having a huge single macro where I will forget what the ports are
> >> for, I can have smaller macros that I just add into the single macro
> >> which I use in the pf rule. Instead of making a new rule for each
> >> application, I can just add to the $ports macro.
> >> 
> >> pf however indicates that the $ports macro is not valid syntax. 
> >> 
> >> Is this a syntax error on my part, or is this something pf cannot do?
> >> Totally fine if the latter, I just want to make sure I am not missing
> >> something silly with the syntax. :)
> >> 
> >> 
> >> Warm regards,
> >> Andrew
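The reply above says the list needs one set of braces. The following pf.conf fragment is an added example, not part of any message in this thread, showing one way to get the "smaller macros combined into one list" layout Andrew asked for without nesting braces. It uses the string-concatenation form from pf.conf(5), where a macro value is built from adjacent quoted strings and other macros (e.g. `all_ifs = "{" $ext_if lo0 "}"`). The rule filters on the destination port rather than the source port, on the assumption that "allow out certain web services" means the remote service port; the interface name, network and port numbers are taken from the question:

```pf
# Per-application port groups: plain space-separated strings, no braces.
# Comments next to each group are what Andrew wanted to keep track of.
common = "80 443 465 587 993"      # http, https, smtps, submission, imaps
games  = "5222 7778 28900"         # xmpp and two game ports from the question

# One list, one pair of braces. Adjacent strings and macros are concatenated;
# the extra " " strings keep the groups from running together (e.g. "9935222").
ports  = "{ " $common " " $games " }"

# To allow another application out, add a new group and append it to $ports:
#   voip  = "5060 5061"
#   ports = "{ " $common " " $games " " $voip " }"

# Egress rule: match the remote (destination) port, since the local source
# port of an outbound connection is ephemeral.
pass out on em0 proto tcp from 192.168.1.0/24 to any port $ports

# Check the syntax without loading anything:
#   pfctl -nf /etc/pf.conf
# Show the expanded rules that pf would load (the list becomes one rule per port):
#   pfctl -nvf /etc/pf.conf
```

pf expands the braced list into one rule per port at load time, so `pfctl -nvf` is the quickest way to confirm that both groups ended up in the rule. Tables (`table <name> { ... }`) are not an alternative here: they hold addresses and networks only, as the second reply points out.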
