> On 28 Sep 2014, at 05:00, "System Administrator" <ad...@bitwise.net> wrote:
> 
>> On 27 Sep 2014 at 18:50, Andrew Lester wrote:
>> 
>> Hey guys,
>> 
>> I have what I hope is a simple syntax question for pf rules. I have not
>> been able to find any example of this online or in the man pages. I
>> suspect it is perhaps not possible. Basically I want to allow out
>> certain web services, with a simple rule like below:
>> 
>> pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any
>> 
>> My trouble is with the $ports macro. Here's what I am trying to do:
>> 
>> $common= '"{80,443,465,587,993}"'
>> $games= '"{5222,7778,28900}"'
>> 
>> $ports= "{" $common $games "}"
>> 
>> NOTE: In my real config the macros are above the rule, and I have tried
>> with and without enclosing the top two macros in the single quotes.
> 
> Your problem is not with the quotes but with the braces -- only one set 
> of braces is needed and accepted when defining a list.
> 

Or turn ports into a table and put the macros for each interesting set of ports 
into the table, and use the table in the rule etc.

>> This way when I need to allow specific applications out, instead of
>> having a huge single macro where I will forget what the ports are for, I
>> can have smaller macros that I just add into the single macro which I
>> use in the pf rule. Instead of making a new rule for each application, I
>> can just add to the $ports macro.
>> 
>> pf however indicates that the $ports macro is not valid syntax. 
>> 
>> Is this a syntax error on my part, or is this something pf cannot do?
>> Totally fine if the latter, I just want to make sure I am not missing
>> something silly with the syntax. :)
>> 
>> 
>> Warm regards,
>> Andrew
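
The one-set-of-braces approach from the first reply, written out as a pf.conf fragment. This is an added example, not a config posted in the thread; the macro names, interface, network and port numbers come from the original question, and placing `port` on the destination side of the rule is an assumption about the intent ("allow out certain web services").

```conf
# Added example (not from the thread). Macro names are defined without
# a leading "$"; the "$" is only used when the macro is referenced.

# Per-application port groups: plain space-separated values, no braces,
# so each group stays small and self-describing.
common = "80 443 465 587 993"
games  = "5222 7778 28900"

# Macros are not expanded inside quotes, so the combined list is built
# from quoted brace tokens around the unquoted macro references.
# This yields a single flat list: { 80 443 465 587 993 5222 7778 28900 }
ports = "{" $common $games "}"

# Assumption: the destination port is what should be matched for
# outbound services, so "port" follows "to any". The rule in the
# question places it after the source address, which matches the
# source port instead.
pass out on em0 proto tcp from 192.168.1.0/24 to any port $ports

# pf tables hold addresses and networks, so the port groups stay in
# macros in this example.

# Check the ruleset before loading it, then inspect the expanded rules:
#   pfctl -nf /etc/pf.conf     # parse only, do not load
#   pfctl -sr                  # show the loaded rules, one per port
```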
