On 2015-09-04 14:30, Joseph A Borg wrote:
> I have something like this in pf.conf:
>
> services = "{
> ssh,
> \
> http, https, 8000,
> 8080, 8088, \
> smtp, pop3, pop3s,
> imap, imaps, \
> submission, 465,
> \
> domain, ntp
> \
> }"
>
> if there’s white space after the back slash the parser barfs by not creating
> the macro and then raising an error when it’s first used.
>
> I would assume this to be an inconvenience for the user as it’s not always
> possible to check whitespace after the backslash
Everyone who commented so far seem to have missed the obvious - you
don't NEED to escape the newline in this case. The parser handles this
case just fine without them:
paddan:/etc# cat /tmp/tstpf.conf
services = "{
ssh,
http, https, 8000, 8080, 8088,
smtp, pop3, pop3s, imap, imaps,
submission, 465,
domain, ntp
}"
block in proto tcp from any to any port $services
paddan:/etc# pfctl -f /tmp/tstpf.conf
paddan:/etc# pfctl -s rules
block drop in proto tcp from any to any port = 22
block drop in proto tcp from any to any port = 80
block drop in proto tcp from any to any port = 443
block drop in proto tcp from any to any port = 8000
block drop in proto tcp from any to any port = 8080
block drop in proto tcp from any to any port = 8088
block drop in proto tcp from any to any port = 25
block drop in proto tcp from any to any port = 110
block drop in proto tcp from any to any port = 995
block drop in proto tcp from any to any port = 143
block drop in proto tcp from any to any port = 993
block drop in proto tcp from any to any port = 587
block drop in proto tcp from any to any port = 465
block drop in proto tcp from any to any port = 53
block drop in proto tcp from any to any port = 123
paddan:/etc# _
Regards,
/Benny
