From 50c46d99edc7770bbca89b5f868d779bbef7299c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Quentin=20Th=C3=A9bault?= Date: Thu, 7 Nov 2024 07:13:05 +0100 Subject: [PATCH] pf.conf.5: additional quoting for ranges in lists When defining network address ranges in macros that will later be used as items in list macro, these ranges must be quoted with additiona simple quotes. For instance, the following does not work and is rejected as a syntax error: usr = "192.168.1.0/24" srv = "192.168.2.10 - 192.168.29" nat_ranges = "{" $usr $srv "}" Defining ranges as the following instead will work: usr = "'192.168.1.0/24'" srv = "'192.168.2.10 - 192.168.29'" MFC after: 3 days Reviewed by: Alexander Ziaee --- share/man/man5/pf.conf.5 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 733b00cc67329e..f6b791e3b8867e 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -100,6 +100,8 @@ Macro names may not be reserved words (for example .Ar in , .Ar out ) . Macros are not expanded inside quotes. +Ranges of network addresses used in macros that will be expanded in lists +later on must be quoted with additional simple quotes. .Pp For example, .Bd -literal -offset indent @@ -107,6 +109,11 @@ ext_if = \&"kue0\&" all_ifs = \&"{\&" $ext_if lo0 \&"}\&" pass out on $ext_if from any to any pass in on $ext_if proto tcp from any to any port 25 + +usr_lan_range = "'192.0.2.0/24'" +srv_lan_range = "'198.51.100.0 - 198.51.100.255'" +nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&" +nat on $ext_if from $nat_ranges to any -> ($ext_if) .Ed .Sh TABLES Tables are named structures which can hold a collection of addresses and