From: Quentin Thébault Subject: pf.conf.5: additional quoting for ranges in lists To: "tech@openbsd.org" Date: Mon, 9 Dec 2024 06:44:04 +0000 Hi, I was setting up my pf firewall and wanted to use range macros in a list macro, and found out additional quoting was necessary although it was not documented. I would like to propose the patch below to add a statement and example to the man page to address that. Kind regards, -- Quentin THÉBAULT Defenso | Ingénierie de cyberdéfense | Associé Index: share/man/man5/pf.conf.5 =================================================================== RCS file: /cvs/src/share/man/man5/pf.conf.5,v diff -u -p -r1.602 pf.conf.5 --- share/man/man5/pf.conf.5 15 Apr 2024 14:06:52 -0000 1.602 +++ share/man/man5/pf.conf.5 6 Dec 2024 13:10:22 -0000 @@ -91,6 +91,8 @@ Macro names may not be reserved words (f .Cm in , .Cm out ) . Macros are not expanded inside quotes. +Ranges of network addresses used in macros that will be expanded in lists +later on must be quoted with additional simple quotes. .Pp For example: .Bd -literal -offset indent @@ -98,6 +100,11 @@ ext_if = "kue0" all_ifs = "{" $ext_if lo0 "}" pass out on $ext_if from any to any pass in on $ext_if proto tcp from any to any port 25 + +usr_lan_range = "'192.0.2.0/24'" +srv_lan_range = "'198.51.100.0 - 198.51.100.255'" +nat_ranges = \&"{\&" $usr_lan_range $srv_lan_range \&"}\&" +nat on $ext_if from $nat_ranges to any -> ($ext_if) .Ed .Sh PACKET FILTERING .Xr pf 4
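Review bot: In the first hunk (@@ -91,6 +91,8), the added sentence says "simple quotes" where the usual term is "single quotes", and it speaks only of "ranges" although the example added in the second hunk also wraps a CIDR prefix ('192.0.2.0/24') in the extra quotes. Suggest wording that names both notations, and a clause tying it to the preceding line "Macros are not expanded inside quotes." so the two sentences do not read as contradictory; as written, the reader is told that quoting stops expansion and then told to add more quotes, with no reason given.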
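Review bot: In the second hunk (@@ -98,6 +100,11), the added nat_ranges line escapes its double quotes with \& while the unchanged all_ifs line in the same literal block writes "{" and "}" without it; both lines should use the same form, so either drop the \& or say why it is needed only on the new line. Please also confirm that the added "nat on $ext_if from $nat_ranges to any -> ($ext_if)" line is in a rule form this page documents, since the existing example rules are all pass rules and an example the parser rejects would undercut the point about quoting. A short comment line above usr_lan_range saying what the inner single quotes are for would make the example self-explanatory.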