pf.conf.5: additional quoting for ranges in lists

[Defenso-QTH]

When defining network address ranges in macros that will later be used as items in list macro, these ranges must be quoted with additiona simple quotes.

For instance, the following does not work and is rejected as a syntax error:

    usr = "192.168.1.0/24"
    srv = "192.168.2.10 - 192.168.29"
    nat_ranges = "{" $usr $srv "}"

Defining ranges as the following instead will work:

    usr = "'192.168.1.0/24'"
    srv = "'192.168.2.10 - 192.168.29'"

@concussious I took the liberty to already name you as a reviewer based on our recent interaction on Discord, I hope that's fine. Please let me know.

[jlduran]

I'm not sure I understand what is the desired result. Is it?:

usr = "192.168.1.0/24"
srv = "192.168.2.10 - 192.168.29"

nat_ranges = "{ $usr, $srv }"

As a side note, for new documentation purposes, we subscribe to the use of RFC 5737 addresses.

[Defenso-QTH]

Yes. Except that will give you a syntax error, because, as stated in the previous line of the manpage: Macros are not expanded inside quotes.

Thanks for pointing me to the RFC I will update the PR accordingly.

[jlduran]

I think I understand now what you are trying to document:

In order to overcome the limitation that macros don't get expanded inside quotes, when you have, for instance, a macro containing a range, and want it to expand to a list, you must define the macro quoted:

usr = "\"192.168.1.0/24\""
srv = "\"192.168.2.10 - 192.168.29\""

nat_ranges = "{" $usr $srv "}"
nat on $ext_if from $nat_ranges to any -> ($ext_if)

Or as you suggest, using a combination of single and double quotes, in order to avoid escaping the double quotes? ...interesting.

[Defenso-QTH]

Yes that's exactly it.

[concussious]

cc @kprovost