On Sunday 03 August 2008, nate wrote:
> Hello there ..
>
> I am in the process of building a new OpenBSD 4.3 system in
> parallel to my existing 4.1 system and ran into a little
> glitch with regards to migrating my pf rule set to the new
> system.
>
> It seems that in 4.3, macros that expand to ports with
> variables don't work anymore. I get a syntax error. I've
> been using this since about 3.6, so didn't expect it to
> break.
>
> I've stripped the firewall config down to as basic as I can
> make it, to reflect the behavior:
>
> --begin firewall config--
> external = fxp5
> ssh = "22"
> smtp = "25"
> penguin = "216.39.174.25"
> penguin_ports = "{" $ssh $smtp "}"
> pass in quick on $external \
> proto tcp \
> from any \
> to $penguin \
> port $penguin_ports \
> flags S/SA \
> keep state
>
> --end firewall config--
> (my original firewall config is about 370 lines, this is just
> the bare minimum to repro the behavior)
>
> If I try to validate the config with pfctl under 4.1 it
> validates no problem, if I try under 4.3 I get:
>
> pf.conf_small:5: syntax error
> pf.conf_small:10: macro 'penguin_ports' not defined
> pf.conf_small:11: syntax error
>
> I have other macros that have variables in them, which expand
> to IP addresses instead of port numbers and those validate
> no problem in 4.3.
>
> I looked at the web-based changelog of 4.1->4.2 and 4.2->4.3
> but didn't notice anything that might trigger this. I also
> re-checked the FAQ and from what I can tell what I am
> doing is still valid.
>
> any ideas?
>
> thanks
>
> nate

Hello,

penguin_ports = "{" $ssh $smtp "}" <--

I think it should be like:

penguin_ports = "{" $ssh, $smtp "}"

--
Best Regards,
Vasile Cristescu