[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: macro doesnt expand CIDR



Thanks for the response.

I understand that I could write the rule with the ips harcoded in it, but I assume this doesnt change the fact that macros are not expanding CIDR addresses, and this maybe a bug. I was trying more to warn about this rather strange behaviour than to find an alternative solution.

Thanks a bunch ;)

----- Original Message ----- From: "ed" <[email protected]>
To: "Gustavo A. Baratto" <[email protected]>
Sent: Friday, August 26, 2005 7:08 PM
Subject: Re: macro doesnt expand CIDR



On Mon, 22 Aug 2005 17:34:06 -0700
"Gustavo A. Baratto" <[email protected]> wrote:

int_net="192.168.0.1/24"
john="192.168.1.3"

all="{" $int_net $john "}"

pass in quick on bge0 proto tcp from $all to 68.149.93.11 port 80

pass in quick on bge0 proto tcp from "{" "192.168.0.1/24" \ "192.168.1.3" "}" 68.149.93.11 port 80

Why not just write

pass in quick on bge0 proto tcp from {192.168.0.1/24,192.168.1.3} to \
68.149.93.11 port 80

also note there is a , in the second version. I believe the "" marks are
just to keep text together, now to separate it.

This works:
all="{192.168.0.1/24" $john "}"

I think this could be through confusing the parser, and might even be considered buggy as you don't close the brace off.

--
http://edd.link9.net - http://irc.is-cool.net