Stuart Henderson wrote:
> The pfctl-based config parsers were re-unified between 4.2 and
> 4.3, most things just work<tm> but there are some uncommon cases
> which used to work that don't now.

Ok thanks! Do you happen to know if there are plans to fix the
uncommon cases at some point? It seems like this particular
behavior wouldn't be intentional.

> For this in particular, you can simplify. Port names are looked
> up from /etc/services; just write "{ ssh, smtp }".  The comma is
> optional - see op-list in BNF of pf.conf(5) - but imo makes it
> easier to read (as does removing unnecessary macros).

Nice, that works well. I do have a few ports that are not
in /etc/services but I can hard code them without a recursive
macro, not a big deal. (rather than worry about having to
update /etc/services when I replicate my config between systems)

> pfctl/pf.conf probably could have done with an explicit
> mention, but on plus43.html you find "Improvements in the
> common parser code generator for various OpenBSD daemons"
> which is meant to cover this too.

Ok, good to know.

I appreciate the quick response! Thanks a bunch.

nate
