Jim Klimov wrote:
> ...
> It would be convenient to have a pool composed of other pools,
> instead of copy-pasting the same address ranges to different pools
> involved - which is tedious and bound to be error-prone some time
> in the future.
I think the thing to do for now is to do something like this in ippool.conf:
# host definitions shared by the tables below
hosta=1.2.3.4;
hostb=1.2.3.5;
hostc=1.2.3.6;
# pool 100 matches hosta only
table role = ipf type = tree number = 100
	{ $hosta; };
# pool 200 matches hosta and hostb
table role = ipf type = tree number = 200
	{ $hosta; $hostb; };
> A similar wish concerns "pooling" specific tcp/udp ports and nesting
> of such port-pools to minimize required ruleset lines. For example,
> a ruleset to publish a fileserver needs some ports for Samba (137-139
> some in tcp, some in udp), CIFS (445) and say NFS (2029, 4045
> and 111 to say the least). This can be a dozen rules listing each port,
> or this can be a single rule using a port-pool...
Try this:
pass in on le0 proto tcp from any to any port = (137,138,139,445,2029,4045,111)
Darren
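To show how the two answers above fit together, here is an added example (mine, not from Darren's or Jim's messages, and not from the IPFilter distribution) of an ippool.conf using the variable trick and an ipf.conf that consumes those pools with the port-list syntax. The interface name le0, the 1.2.3.x addresses and the file paths under /etc/ipf are placeholders; the unquoted variable assignment follows the snippet above and is assumed to load on the IPFilter version in use. The udp rule uses 2049, the standard NFS port, alongside the portmapper (111) and NetBIOS (137, 138) ports.

```conf
# /etc/ipf/ippool.conf  (added example; addresses are placeholders)
# Define each host once, then reuse the variable in every table that
# needs it, instead of copy-pasting the address into each table.
hosta=1.2.3.4;
hostb=1.2.3.5;
hostc=1.2.3.6;

# pool 100: hosta only
table role = ipf type = tree number = 100
	{ $hosta; };

# pool 200: hosta and hostb (a superset of pool 100, expressed by
# repeating the variable rather than nesting the pool)
table role = ipf type = tree number = 200
	{ $hosta; $hostb; };

# /etc/ipf/ipf.conf  (added example; le0 is a placeholder interface)
# Fileserver publication: one tcp rule and one udp rule using a port
# list, restricted to the clients in pool 200.
pass in quick on le0 proto tcp from pool/200 to any port = (137,138,139,445,2049,4045,111) keep state
pass in quick on le0 proto udp from pool/200 to any port = (137,138,111,2049) keep state
# Management access only from the single host in pool 100.
pass in quick on le0 proto tcp from pool/100 to any port = 22 keep state
block in quick on le0 all

# Load order: pools first, then the rules that reference them.
#   ippool -f /etc/ipf/ippool.conf
#   ipf -Fa -f /etc/ipf/ipf.conf
# Verify what was loaded:
#   ippool -l
#   ipfstat -io
```

Because pool 200 is built from the same variables as pool 100, changing hosta's address in one place updates both tables on the next ippool -f; checking `ippool -l` after loading confirms the expanded addresses landed in both pools.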