[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Nested macros problem in pf.conf

To: "'misc@openbsd.org'" <misc@openbsd.org>
Subject: Nested macros problem in pf.conf
From: Paolo Supino <paolo@telmap.com>
Date: Sun, 2 Nov 2003 22:00:13 +0200

Hi 
  My firewall is an OpenBSD 3.3 (stable) and PF configured.
  I have a problem with nested macros that maybe someone 
Can explain me what I'm doing wrong.

  The problematic macros defined in my pf.conf file are:
IZMR3_INTER_NET_IL="192.114.186.54/32"
IZMR4_INTER_NET_IL="192.114.186.55/32"
MAIL_RU="194.67.57.51/32"
BLUEBY_TEMP_VERIOHOSTING_COM="199.239.233.121/32"
POP3_SERVERS="{ 192.114.186.54/32, 192.114.186.55/32, \
    194.67.57.51/32, 199.239.233.121/32 }"
# imap
MAIL_TEC_AC_IL="212.199.206.107/32"
CSD_CS_TECHNION_AC_IL="132.68.32.8/32"
TECHUNIX_TECHNION_AC_IL="132.68.1.28/32"
BZQ-218-235-143_RED_BEZEQINT_NET="81.218.235.143/32"
IMAP_SERVERS="{ 212.199.206.107/32, 132.68.32.8/32 \
   132.68.1.28/32, 81.218.235.143/32 }"
# imaps
SINTA_TAU_AC_IL="132.66.17.59/32"
IMAPS_SERVERS="{ 132.66.17.59/32 }"

  If I try to change the content of POP3_SERVERS, IMAP_SERVERS
And IMAPS_SERVERS to include the macros defind above them 
so I will get the following macros:
POP3_SERVERS="{ $IZMR3_INTER_NET_IL, $IZMR4_INTER_NET_IL, \
    $MAIL_RU, $BLUEBY_TEMP_VERIOHOSTING_COM }"
IMAP_SERVERS="{ $MAIL_TEC_AC_IL, $TECHUNIX_TECHNION_AC_IL \
   $CSD_CS_TECHNION_AC_IL, $BZQ-218-235-143_RED_BEZEQINT_NET }"
IMAPS_SERVERS="{ $SINTA_TAU_AC_IL }"

I get the following errors while trying to load the rulset:

/etc/pf.conf:249: syntax error
/etc/pf.conf:251: syntax error
/etc/pf.conf:253: syntax error

The three rules that it complains about are:
pass in quick on $INT_IF inet proto tcp from $INTERNAL_NET to \
    $POP3_SERVERS port pop3 keep state
pass in quick on $INT_IF inet proto tcp from $INTERNAL_NET to \
    $IMAP_SERVERS port imap keep state
pass in quick on $INT_IF inet proto tcp from $INTERNAL_NET to \
    $IMAPS_SERVERS port imaps keep state

Can anyone please help me understand what I'm doing wrong?

 

	

	Paolo 

PS - I know that the the 2nd version of the POP3/IMAP/IMAPS _SERVERS
Isn't how it is written in the FAQ, but it's the only way that pfctl
Doesn't complain about syntax error in the macro's lines.

Follow-Ups:
- Re: Nested macros problem in pf.conf
  - From: Balazs Nagy <bnagy@thenewpush.com>

Prev by Date: initial pf-rules -> sysctl -> networking
Next by Date: Re: Nested macros problem in pf.conf
Prev by thread: Re: initial pf-rules -> sysctl -> networking
Next by thread: Re: Nested macros problem in pf.conf
Index(es):
- Date
- Thread