On Tue, May 23, 2006 at 03:31:46PM -0700, andrew fresh wrote:
> host_list = "{" $hosts "}"
> port_list = "{" $ports "}"
Try adding
q_host_list = '"{' $hosts '}"'
q_port_list = '"{' $ports '}"'
then replace
> end_03 = "proto tcp from " $host_list " to any port " $port_list
with
end_03 = "proto tcp from " $q_host_list " to any port " $q_port_list
The rule is that when a macro is used to define another macro, it should
contain quotes (as the right-hand-side of a macro definition is a
concatenation of strings), while a macro used in a rule definition
should not.
Like
pass from "{ 10.1.2.3 10.2.3.4 }" to any
is not a host list, but a single string, interpreted as a host name.
And
macro = { 10.1.2.3 10.2.3.4 }
is not a valid macro definition, because the right-hand-side is not a
string (or a sequence thereof), but interpreted as tokens.
It's neither like shell variable expansion, nor like C #defines. But
something else entirely. I keep hearing it's supposed to be like that :)
Daniel
