Skip to content

Commit

Permalink
pf.conf.5: additional quoting for ranges in lists
Browse files Browse the repository at this point in the history
When defining network address ranges in macros that will later be used
as items in list macro, these ranges must be quoted with additiona
simple quotes.

For instance, the following does not work and is rejected as a syntax
error:

    usr = "192.168.1.0/24"
    srv = "192.168.2.10 - 192.168.29"
    nat_ranges = "{" $usr $srv "}"

Defining ranges as the following instead will work:
    usr = "'192.168.1.0/24'"
    srv = "'192.168.2.10 - 192.168.29'"

MFC after: 3 days
Reviewed by: Alexander Ziaee <concussious@runbox.com>
  • Loading branch information
Defenso-QTH committed Nov 13, 2024
1 parent e3b7775 commit 50c46d9
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions share/man/man5/pf.conf.5
Original file line number Diff line number Diff line change
Expand Up @@ -100,13 +100,20 @@ Macro names may not be reserved words (for example
.Ar in ,
.Ar out ) .
Macros are not expanded inside quotes.
Ranges of network addresses used in macros that will be expanded in lists
later on must be quoted with additional simple quotes.
.Pp
For example,
.Bd -literal -offset indent
ext_if = \&"kue0\&"
all_ifs = \&"{\&" $ext_if lo0 \&"}\&"
pass out on $ext_if from any to any
pass in on $ext_if proto tcp from any to any port 25

usr_lan_range = "'192.0.2.0/24'"
srv_lan_range = "'198.51.100.0 - 198.51.100.255'"
nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&"
nat on $ext_if from $nat_ranges to any -> ($ext_if)
.Ed
.Sh TABLES
Tables are named structures which can hold a collection of addresses and

Check warning on line 119 in share/man/man5/pf.conf.5

View workflow job for this annotation

GitHub Actions / Style Checker

Missing Signed-off-by: line
Expand Down

0 comments on commit 50c46d9

Please sign in to comment.