On 27 Sep 2014 at 18:50, Andrew Lester wrote:

> Hey guys,
>
> I have what I hope is a simple syntax question for pf rules. I have not
> been able to find any example of this online or in the man pages. I
> suspect it is perhaps not possible. Basically I want to allow out
> certain web services, with a simple rule like below:
>
> pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any
>
> My trouble is with the $ports macro. Here's what I am trying to do:
>
> $common= '"{80,443,465,587,993}"'
> $games= '"{5222,7778,28900}"'
>
> $ports= "{" $common $games "}"
>
> NOTE: In my real config the macros are above the rule, and I have tried
> with and without enclosing the top two macros in the single quotes.

Your problem is not with the quotes but with the braces -- only one set of
braces is needed and accepted when defining a list.

> This way when I need to allow specific applications out, instead of
> having a huge single macro where I will forget what the ports are for, I
> can have smaller macros that I just add into the single macro which I
> use in the pf rule. Instead of making a new rule for each application, I
> can just add to the $ports macro.
>
> pf however indicates that the $ports macro is not valid syntax.
>
> Is this a syntax error on my part, or is this something pf cannot do?
> Totally fine if the latter, I just want to make sure I am not missing
> something silly with the syntax. :)
>
>
> Warm regards,
> Andrew
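
One way to lay out per-application port macros with a single set of braces, as the reply describes. This is an added example, not part of the original thread; the port numbers, interface and network are taken from the question, and the space-separated sub-macros and the destination-side port match are assumptions.

```conf
# Constructed example using the port numbers from the question.
# Macro names are defined without a leading "$"; the "$" is only used
# when the macro is referenced.

# Sub-macros hold bare, space-separated ports with no braces of their own.
common = "80 443 465 587 993"
games  = "5222 7778 28900"

# Macros are not expanded inside quotes, so the one pair of braces is
# quoted on its own and the sub-macros are referenced outside the quotes.
ports = "{" $common $games "}"

# Assumption: the intent is to limit which remote services clients may
# reach, so the list is matched as the destination port. The rule as
# posted in the question has "port" on the source side of the rule.
pass out on em0 proto tcp from 192.168.1.0/24 to any port $ports
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which confirms whether the macros expand cleanly before the egress rule goes live.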