Re: Syntax error in pf rules

[Marko Cupać]

On Wed, 30 Mar 2016 07:05:56 -0700
"Adam Smith" <ken...@dcemail.com> wrote:

> Hi Marko
>
> In the rule below:
>
>
vpnip="{72.201.193.25,84.211.50.249,77.90.247.88,118.157.115.10,218.147.117.2
36}"
>
>
> a. Must there be a space each before and after the = sign?
> b. Must there be a space after the opening curly bracket and before
> the first IP address? c. Must there be a space after the comma and
> before the next IP address? d. Must there be a space after the last
> IP address and before the closing curly bracket?

Adam,

all those are easy to test, but as I still remember lack of confidence
back in time when I was setting it up for the first time, but also warm
atmosphere and helpfulness of misc@ list back in a day, here you go:

a. Spaces are not required before and after the = sign, but I usually do
   the alignment using spaces for the purpose of readability, such as:

   users      = "{ 192.0.2.1 192.0.2.2 192.0.2.3 }"
   developers = "{ 192.0.2.1 192.0.2.2 192.0.2.3 }"
   ldap       = "{ 389 636 3268 3269 }"

b. Spaces are not mandatory after the curly bracket and first ip
   address, but I prefer to have them for the purpose of readability,
   as in example above.

c. Spaces after commas, before next ip addresses are not mandatory.
   However, I prefer to ditch commas entirely, separating ip addresses
   only with spaces as in example above.

d. Not mandatory, but nice to have IMHO.

Finally, `pfctl -nf' is your friend for testing ruleset before
applying it. In case you typed something incorrectly, it will spill
syntax error along with bad line numbers. If you are comfortable with
vi, you can jump to offending line by typing `:<line_number>' (eg.
`:55') in command (default) mode. If not, you can paste complete ruleset
into editor you are comfortable with, which has line numbering (my
favourite is xfce's mousepad) and double-check offending line. Once you
have zero output of `pfctl -nf', load the ruleset with `pfctl -f'.

There. I hope by posting this I didn't turn openbsd's misc@ into
askubuntu :)
--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/