From:
Alexandr Nedvedicky <sashan@fastmail.net>
Subject:
Re: pf.conf.5: additional quoting for ranges in lists
To:
Quentin Thébault <quentin.thebault@defenso.fr>
Cc:
"tech@openbsd.org" <tech@openbsd.org>
Date:
Tue, 10 Dec 2024 07:49:08 +0100

Hello,

thanks for the clarification

On Tue, Dec 10, 2024 at 05:28:02AM +0000, Quentin Th?bault wrote:
</snip>
> Index: share/man/man5/pf.conf.5
> ===================================================================
> RCS file: /cvs/src/share/man/man5/pf.conf.5,v
> diff -u -p -r1.602 pf.conf.5
> --- share/man/man5/pf.conf.5    15 Apr 2024 14:06:52 -0000      1.602
> +++ share/man/man5/pf.conf.5    10 Dec 2024 05:25:23 -0000
> @@ -91,6 +91,8 @@ Macro names may not be reserved words (f
>  .Cm in ,
>  .Cm out ) .
>  Macros are not expanded inside quotes.
> +Ranges of network addresses used in macros that will be expanded in lists
> +must be quoted with additional single quotes.
>  .Pp
>  For example:
>  .Bd -literal -offset indent
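Review bot: the added sentence is ambiguous about where the extra single quotes go, and it sits right after "Macros are not expanded inside quotes." without explaining how the two statements fit together. A reader cannot tell whether the single quotes wrap the range inside the macro's own double-quoted value (as the example below does with `usr_lan_range = "'192.0.2.0/24'"`) or the macro reference inside the `{ }` list; state it explicitly and say why the macro is still expanded despite the rule in the preceding sentence. The sentence also speaks of "ranges", but the example applies the same quoting to a prefix-length address (`192.0.2.0/24`) as well as a `-` range, so it should say which address forms the requirement covers.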
> @@ -98,6 +100,11 @@ ext_if = "kue0"
>  all_ifs = "{" $ext_if lo0 "}"
>  pass out on $ext_if from any to any
>  pass in  on $ext_if proto tcp from any to any port 25
> +
> +usr_lan_range = "'192.0.2.0/24'"
                    ^^^^^^^^^^^^^

> +srv_lan_range = "'198.51.100.0 - 198.51.100.255'"
> +nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&"
> +pass out on tl0 inet from $nat_ranges to any nat-to (tl0)
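Review bot: the `nat_ranges` line escapes the braces' quotes as `\&"{\&"` while the existing `all_ifs = "{" $ext_if lo0 "}"` line in the same `.Bd -literal` block uses plain `"{"`; use one form so the rendered example shows exactly what the user types. More importantly, the reply in this thread reports that the example still does not work on OpenBSD, so the snippet should be checked with `pfctl -nf` against the current pfctl before the manual documents it as a working configuration. If pfctl does not expand macros recursively, as suspected in the reply, `$usr_lan_range` and `$srv_lan_range` referenced from within `$nat_ranges` would never be resolved, and the example (and the sentence it illustrates) would need to be reworked rather than committed.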


the example still does not work on OpenBSD. I will try to take
a look at how macros are expanded. I suspect pfctl is
not able to recursively expand macros.


thanks for the report

regards
sashan