On 27 Sep 2014 at 18:50, Andrew Lester wrote:
> Hey guys,
>
> I have what I hope is a simple syntax question for pf rules. I have not
> been able to find any example of this online or in the man pages. I
> suspect it is perhaps not possible. Basically I want to allow out
> certain web services, with a simple rule like below:
>
> pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any
>
> My trouble is with the $ports macro. Here's what I am trying to do:
>
> $common= '"{80,443,465,587,993}"'
> $games= '"{5222,7778,28900}"'
>
> $ports= "{" $common $games "}"
>
> NOTE: In my real config the macros are above the rule, and I have tried
> with and without enclosing the top two macros in the single quotes.

Your problem is not with the quotes but with the braces -- only one set
of braces is needed and accepted when defining a list.

> This way when I need to allow specific applications out, instead of
> having a huge single macro where I will forget what the ports are for, I
> can have smaller macros that I just add into the single macro which I
> use in the pf rule. Instead of making a new rule for each application, I
> can just add to the $ports macro.
>
> pf however indicates that the $ports macro is not valid syntax.
>
> Is this a syntax error on my part, or is this something pf cannot do?
> Totally fine if the latter, I just want to make sure I am not missing
> something silly with the syntax. :)
>
>
> Warm regards,
> Andrew
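
Added example, not part of the original thread: one way to keep per-application port macros and still end up with the single set of braces the reply calls for. The interface and network come from the posted rule; the layout of the sub-macros (bare, space-separated ports) is an assumption chosen so that the combined macro expands to one flat list.

```conf
# pf.conf sketch (constructed example; em0 and 192.168.1.0/24 are from the post)

# Sub-macros hold bare, space-separated ports: no braces, no commas.
common = "80 443 465 587 993"
games  = "5222 7778 28900"

# Macros are not expanded inside quotes, so the braces are quoted
# and the macro references sit outside the quotes. The result is
# a single list: { 80 443 465 587 993 5222 7778 28900 }
ports = "{" $common $games "}"

# Destination-port match: "port" follows "to". Placed after "from",
# as in the posted rule, it would match the source port instead.
pass out on em0 proto tcp from 192.168.1.0/24 to any port $ports
```

Running `pfctl -nf` on the file parses it without loading the ruleset, and adding `-v` prints the rules with the macro expanded, which confirms exactly which ports are allowed out.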