From: Jason McIntyre <jmc@kerhand.co.uk>
Subject: Re: pf.conf.5: additional quoting for ranges in lists
To: tech@openbsd.org
Date: Mon, 9 Dec 2024 07:18:09 +0000

On Mon, Dec 09, 2024 at 06:44:04AM +0000, Quentin Thébault wrote:
> Hi,
> 
> I was setting up my pf firewall and wanted to use range macros in a list macro, and found out additional
> quoting was necessary although it was not documented.
> 
> I would like to propose the patch below to add a statement and example to the man page to address that.
> 
> Kind regards,
> --
> Quentin THÉBAULT
> Defenso | Cyber Defence Engineering | Partner
> 

hi. if the method you've shown is really correct, then it's really
yucky! i'll leave the technicalities of quoting to someone who knows
this stuff better. i have some feedback on your actual diff though:

> 
> Index: share/man/man5/pf.conf.5
> ===================================================================
> RCS file: /cvs/src/share/man/man5/pf.conf.5,v
> diff -u -p -r1.602 pf.conf.5
> --- share/man/man5/pf.conf.5    15 Apr 2024 14:06:52 -0000      1.602
> +++ share/man/man5/pf.conf.5    6 Dec 2024 13:10:22 -0000
> @@ -91,6 +91,8 @@ Macro names may not be reserved words (f
>  .Cm in ,
>  .Cm out ) .
>  Macros are not expanded inside quotes.
> +Ranges of network addresses used in macros that will be expanded in lists
> +later on must be quoted with additional simple quotes.

i think you can remove "later on". the detail isn't needed, and is
inferred from "will be" (in the future) anyway.

i think it should say "single" quotes, rather than "simple". we often
clarify such details to avoid ambiguity: additional single quotes (').
i don't think that's needed here though.

jmc

>  .Pp
>  For example:
>  .Bd -literal -offset indent
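Review bot: the new sentence lands directly after "Macros are not expanded inside quotes." and, read in sequence, looks like a contradiction, since it then asks for more quoting; it also never says where the extra quotes go. Suggest stating that the single quotes sit inside the macro's double-quoted value (as the example in the next hunk does with "'192.0.2.0/24'") and, following jmc's point, calling them "single" quotes, e.g. "Ranges of network addresses used in macros that will be expanded in lists must be wrapped in additional single quotes inside the macro's double quotes." Worth confirming the behaviour itself before this goes in, as jmc already notes.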
> @@ -98,6 +100,11 @@ ext_if = "kue0"
>  all_ifs = "{" $ext_if lo0 "}"
>  pass out on $ext_if from any to any
>  pass in  on $ext_if proto tcp from any to any port 25
> +
> +usr_lan_range = "'192.0.2.0/24'"
> +srv_lan_range = "'198.51.100.0 - 198.51.100.255'"
> +nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&"
> +nat on $ext_if from $nat_ranges to any -> ($ext_if)
>  .Ed
>  .Sh PACKET FILTERING
>  .Xr pf 4
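Review bot: the `\&` escapes in `nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&"` are inconsistent with the existing line in the same literal block, `all_ifs = "{" $ext_if lo0 "}"`, which writes the braces with plain double quotes; unless the escapes are needed here, drop them so the line reads `nat_ranges = "{" $usr_lan_range $srv_lan_range "}"`. The two range macros also use different forms (a CIDR prefix in `usr_lan_range`, an `addr - addr` range in `srv_lan_range`); if only one of these forms actually needs the inner single quotes, the text should say which, otherwise readers will quote every address macro.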