On Wed, Apr 20, 2005 at 09:44:59PM +0930, alex wilkinson wrote: > Hi all, > > I have a macro defined such as: > > EXT_IF="tun0" > > I want to refer to this interface in parentheses in case tun0's DHCP > ip address changes. > However, when I use the (...) feature in the following rule for example: > > block return-rst in log on ($EXT_IF) proto tcp all
"on $EXT_IF" resolves to the interface name, not the IP address. the interface NAME is not dynamic--the IP address is. use the parentheses when the token is expanded to the IP address, like if you had: block return-rst in log on $EXT_IF proto tcp from any to ($EXT_IF) > I get "/etc/pf.conf:83: syntax error" > > I can't see anything odd about my rule except for tun0 is a virtual interface. > Should or can I use 'ppp' for $EXT_INT ? might i recommend a re-read of the PF User's Guide: http://openbsd.org/faq/pf/index.html -j -- "Chris: Here, it's a Candy-cane. But don't stick it up your nose, it burns like hell." --Family Guy
