Thanks all! My actual issue was using braces more than once. To the last person 
that replied -- that was precisely what I am trying to avoid, having a rule 
defined for each set of ports!

Warm regards,
Andrew


> On Sep 27, 2014, at 9:00 PM, System Administrator <ad...@bitwise.net> wrote:
> 
>> On 27 Sep 2014 at 18:50, Andrew Lester wrote:
>> 
>> Hey guys,
>> 
>> I have what I hope is a simple syntax question for pf rules. I have not
>> been able to find any example of this online or in the man pages. I
>> suspect it is perhaps not possible. Basically I want to allow out
>> certain web services, with a simple rule like below:
>> 
>> pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any
>> 
>> My trouble is with the $ports macro. Here's what I am trying to do:
>> 
>> $common= '"{80,443,465,587,993}"'
>> $games= '"{5222,7778,28900}"'
>> 
>> $ports= "{" $common $games "}"
>> 
>> NOTE: In my real config the macros are above the rule, and I have tried
>> with and without enclosing the top two macros in the single quotes.
> 
> Your problem is not with the quotes but with the braces -- only one set 
> of braces is needed and accepted when defining a list.
> 
>> This way when I need to allow specific applications out, instead of
>> having a huge single macro where I will forget what the ports are for, I
>> can have smaller macros that I just add into the single macro which I
>> use in the pf rule. Instead of making a new rule for each application, I
>> can just add to the $ports macro.
>> 
>> pf however indicates that the $ports macro is not valid syntax. 
>> 
>> Is this a syntax error on my part, or is this something pf cannot do?
>> Totally fine if the latter, I just want to make sure I am not missing
>> something silly with the syntax. :)
>> 
>> 
>> Warm regards,
>> Andrew
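
The single-brace form described in the reply, as an added pf.conf example that is not part of the original thread. The ports and the rule come from the post. Dropping the `$` on the left-hand side of each assignment and placing `port` on the destination side are assumptions about the intent.

```pf
# Added example (not from the thread). Ports are the ones quoted in the post.
# Per-application macros: bare port lists, no braces, and no leading "$" on
# the left-hand side of the assignment.
common = "80 443 465 587 993"    # web and mail services
games  = "5222 7778 28900"       # game clients

# Macros are not expanded inside quotes, so each brace is quoted on its own
# and the macro references sit between them, unquoted. The result is one
# list with one set of braces: { 80 443 465 587 993 5222 7778 28900 }
ports = "{" $common $games "}"

# Assumption: the goal is to match the destination port of outbound
# connections, so "port" follows "to any" (the rule in the post has it
# after the source address).
pass out on em0 proto tcp from 192.168.1.0/24 to any port $ports
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which confirms whether the combined macro is accepted before it goes live.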
