The same view of "or"ing items should then apply to tables as well, as does
the use of "{" "}" as macro expansion,
and we all know this not true.
It is also true that "{" and "}" elsewhere are not simple macro expansion.
If they were simple macro expansion then
Block {in out} from addr
Would be valid and it is not
The wishy washy words do tell you that those rules do not apply to address
inside of tables
(well at least in the pf faq they do, but not in man pf.conf) and that the use
of "{" "}" there do not cause macro expansion.
It does not bother me one way or another how it works. I can do what I want
by creating an additional table.
I got the information that I needed without the necessity of building a test
system to try it.
I don't think it is obvious, but I agree it would have be obvious if "{" "}",
were a simple macro expansion, but they are not.
> > On Thu, Jun 10, 2010 at 02:08:04PM -0400, Peter Fraser wrote:
> > > I (and I realize I was wrong ) always considered that
> > >
> > > pass quick from { addr 1, addr2 }
> > >
> > > Could be written as
> > >
> > > pass quick from addr1
> > > pass quick from addr2
> > >
> > > put if "!" are used this obvious should not be true
> > >
> > > pass quick from { !addr1, !addr2 }
> > >
> > > cannot be the same as ( at least I hope since I haven't built the
> > > system to test it)
> >
> > > pass quick from !addr1
> > > pass quick from !addr2
> >
> > Yes, it means exactly that.
> >
> > This is not what you'd naively expect, but completely obvious once you
> > understand that {} just macro-expands ("copy-and-pastes"). You can use
> > a table to do what you expect to work.
>
> In these grammers it is obvious that things listed after each other are
joined with an implicit OR operator:
>
> addr1 OR addr2
>
> And thus,
>
> !addr1 OR !addr2
>
> How could it mean anything else? The language does not read minds.
>
> And of course we don't commute it in an english sense. Not in a spanish
sense either. This is a programming langauge, not some wishy washy thing.
