[Solved] pf macro question


schmurfy
June 4th, 2010, 15:48
Hi,
I came upon a really strange thing I cannot understand. If you try to feed pfctl this config file on FreeBSD 8.0, it will say there is a syntax error on the second line:

myvar = "192.168.10.0/24"
lans = "{" $myvar "}"

but this one is perfectly valid for pfctl:
lans = "{ 192.168.10.0/24 }"

and the best is that this one works too (from man page):
ext_if = "kue0"
all_ifs = "{" $ext_if lo0 "}"

Can anyone explain that to me?

PS: this is a basic example of my problem; in the real case I want to put more than one network in this macro.

brd@
June 5th, 2010, 02:01
PF does not support nested variables like that.

schmurfy
June 5th, 2010, 12:34
Hi,
here is a quote from the pf.conf manpage on FreeBSD 8.0-STABLE:
MACROS
Macros can be defined that will later be expanded in context. Macro
names must start with a letter, and may contain letters, digits and
underscores. Macro names may not be reserved words (for example pass,
in, out). Macros are not expanded inside quotes.

For example,

ext_if = "kue0"
all_ifs = "{" $ext_if lo0 "}"
pass out on $ext_if from any to any
pass in on $ext_if proto tcp from any to any port 25


How does the all_ifs definition differ from what I am trying to do? It supports it perfectly if the var inside contains an interface, so why not with a network?

I already know that this won't work:
all_ifs = "{ $ext_if }"
but from the manpage and documentation this one should (and does when ext_if does not contain a network definition with a mask):
all_ifs = "{" $ext_if lo0 "}"


I may have missed something but I really understand your answer here :\

schmurfy
June 5th, 2010, 15:27
I found the answer in the mailing lists: http://osdir.com/ml/os.openbsd.pf/2004-10/msg00051.html
The working way of doing it is:

net1 = '"172.16.0.0/12"'
net2 = '"192.168.0.0/16"'
net3 = '"10.0.0.0/8"'

rfc1918 = "{" $net1 $net2 $net3 "}"

block from $rfc1918

I cannot try now but I suppose it will work.
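Putting the thread's solution to work: the script below is an added example, not code from the thread or from the pf project. It generates a pf.conf fragment for the original problem (more than one network in a single macro) using the quoting the last post found, where each network macro carries its own double quotes (`net = '"a.b.c.d/n"'`) so that after expansion the network still appears as a quoted string inside the braces. The RFC 1918 ranges are the sample input; the function names and the `check_pf_conf` dry-run helper are this example's own, and pfctl is only invoked if it is installed.

```shell
#!/bin/sh
# Added example: pack several networks into one pf macro using the quoting
# from the thread, then optionally dry-run the result through pfctl.
# Function and variable names below are this example's own, not pf's.

# Sample input (constructed for the example): the three RFC 1918 ranges.
RFC1918_NETS="172.16.0.0/12 192.168.0.0/16 10.0.0.0/8"

# emit_pf_macros NAME "net1 net2 ...": print one macro per network whose
# value is a double-quoted string (single quotes keep the double quotes
# intact), followed by a list macro NAME that references all of them.
emit_pf_macros() {
    name=$1
    nets=$2
    i=0
    list=""
    for n in $nets; do
        i=$((i + 1))
        # Produces e.g.:  rfc1918_1 = '"172.16.0.0/12"'
        printf "%s_%d = '\"%s\"'\n" "$name" "$i" "$n"
        list="$list \$${name}_$i"
    done
    # Produces e.g.:  rfc1918 = "{" $rfc1918_1 $rfc1918_2 $rfc1918_3 "}"
    printf '%s = "{"%s "}"\n' "$name" "$list"
}

# build_pf_conf: the macros plus the blocking rule from the thread.
build_pf_conf() {
    emit_pf_macros rfc1918 "$RFC1918_NETS"
    printf 'block from $rfc1918\n'
}

# check_pf_conf: syntax-check the generated config with pfctl -n (parse
# only, do not load). When pfctl is absent, print the config to stderr
# instead and return 0 so the script still runs on a non-pf host.
check_pf_conf() {
    tmp=$(mktemp) || return 1
    build_pf_conf > "$tmp"
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nvf "$tmp"
        rc=$?
    else
        echo "pfctl not found; generated config follows:" >&2
        cat "$tmp" >&2
        rc=0
    fi
    rm -f "$tmp"
    return $rc
}

# Print the generated fragment so it can be pasted into pf.conf.
build_pf_conf
```

Run `check_pf_conf` on a FreeBSD or OpenBSD host to confirm that pfctl accepts the generated macros before loading them; the generated fragment is the same shape as the last post's `net1`/`net2`/`net3` example, just produced from a list so that adding a network means editing one variable.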