Many of my FreeBSD servers are not behind a firewall. They sit naked on the Internet, and I protect their services with PF. I have several “trusted” networks, and want to use them in macros. Keeping track of serveral networks in a macro is error-prone, however. Previously, I used macros like this one:
#lucas_house=10.20.20.0/28
#main_office=192.168.1.0/25
#monitor=17.16.1.1
#boss_house=10.20.30.0/24
mgmt_networks ="{ 10.20.20.0/28, 192.168.1.0/25, 172.16.1.1, 10.20.30.0/24 "}"
This meant entering each IP address twice. Complicated numbers hurt my feeble brain, and the result is errors. Entering each address multiple times is begging for an error. I found that you can nest macros, however, with careful placement of single and double quotes.
lucas_house='"10.20.20.0/28"'
main_office='"192.168.1.0/25"'
monitor='"17.16.1.1"'
boss_house='"10.20.30.0/24"'
mgmt_networks ="{" $lucas_house $main_office $monitor $boss_house "}"
Note that each address is in single quotes (‘), enclosed by double quotes (“). In the mgmt_networks macro, put double quotes around the enclosing brackets. This is in the man page example, but you have to look very closely at it.
I can then allow SSH, SNMP, SIP, etc, from my management networks to the server, and my addresses will be consistent.
I usually do it this way:
OPENID=”10.0.0.1″
ADS=”10.0.0.2″
DRUPAL=”10.0.0.4″
table { $MYSELF, $SME, $PAPERSPGCON, $PAPERSBSDCAN, $CVS, $NUTS, $REGISTER, $OPENID, $ADS, $DRUPAL }
No tricky quotes.
That doesn’t work on FreeBSD-current