From nobody@FreeBSD.org  Tue Oct  8 01:01:42 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id B693DAD0
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  8 Oct 2013 01:01:42 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id A4A842366
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  8 Oct 2013 01:01:42 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r9811gDE041869
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 8 Oct 2013 01:01:42 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r9811gpq041865;
	Tue, 8 Oct 2013 01:01:42 GMT
	(envelope-from nobody)
Message-Id: <201310080101.r9811gpq041865@oldred.freebsd.org>
Date: Tue, 8 Oct 2013 01:01:42 GMT
From: Adam McDougall <mcdouga9@egr.msu.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: pfctl interprets "# .... \" as multi-line comment
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         182819
>Category:       bin
>Synopsis:       pfctl(8) interprets "# .... \" as multi-line comment
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-pf
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 08 01:10:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Wed Apr 16 00:42:21 UTC 2014
>Originator:     Adam McDougall
>Release:        9.1-STABLE
>Organization:
>Environment:
FreeBSD hostname 9.1-STABLE FreeBSD 9.1-STABLE #0 r247358: Tue Feb 26 19:02:48 EST 2013     root@build9:/usr/obj/proto/src9/src/sys/AMD64-9  amd64
>Description:
Twice I've been burned by pfctl ignoring a line in pf.conf because it
was preceded by a comment that happened to end in a backslash:

# pass in on blah blah blah doesn't matter this is a comment \
pass in on blah blah doesn't matter because this is treated as part of the comment

I try to keep my firewall rules less than 80 chars in case I need to edit
them on a dumb terminal.  Sometimes I end up duplicating a line to make
changes to an alternate copy and comment out the original, but if the
commented-out line ends in a backslash, my intended replacement is ignored.
It becomes really confusing why my firewall rule is ignored yet no errors
from pfctl -f.  Eventually I figure it out.  But in my opinion, a system
that treats lines starting with # as a comment ought to unconditionally
treat them as a single line comment, and not "except if it ends in a \".
I don't know if this happens in any other pf implementation, or if it is
intentional, but it is troublesome.  I think it would be better to parse
and potentially accept lines following comments.  If they are faulty,
pfctl will throw an error.  If they are valid, they should be honored.
>How-To-Repeat:
# pass in on blah blah blah doesn't matter this is a comment \
pass in on blah blah doesn't matter because this is treated as part of the comment

pfctl -f yourfilename, it will ignore the second line
>Fix:
When a # is encountered in pf.conf, unconditionally ignore the rest of
the line.  Might be a problem with the order things are parsed?

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Apr 16 00:40:48 UTC 2014 
Responsible-Changed-Why:  
assign. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=182819 
>Unformatted:
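
A check for the behaviour reported above, as an added example that is not part of the original report or of pfctl: it lists the pf.conf lines swallowed by a comment that ends in a backslash. It goes beyond the reported case by also flagging trailing comments. The function names and SAMPLE are constructed here; that the continuation chains across further backslash-terminated lines, and that a '#' inside quotes does not start a comment, are assumptions.

```python
"""Lint pf.conf for comments that end in a backslash and swallow the next line."""
import sys

def comment_start(line):
    """Index of the first '#' outside a quoted string, or -1 (quoting rule assumed)."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == "#":
            return i
    return -1

def swallowed_lines(text):
    """Return (comment_lineno, swallowed_lineno, swallowed_text) tuples.

    Models the report: a comment whose line ends in a backslash continues onto
    the next physical line. Assumption: it keeps going while each swallowed
    line also ends in a backslash.
    """
    findings, in_comment, origin = [], False, 0
    # split("\n") keeps a trailing "\r", so a CRLF line never counts as continued
    for lineno, line in enumerate(text.split("\n"), start=1):
        continued = line.endswith("\\")
        if in_comment:
            # blank lines and lines that are comments anyway lose nothing
            if line.strip() and not line.lstrip().startswith("#"):
                findings.append((origin, lineno, line))
            in_comment = continued
        elif continued and comment_start(line) != -1:
            in_comment, origin = True, lineno
    return findings

# Constructed sample; the first two lines are the example from the report.
SAMPLE = "\n".join([
    "# pass in on blah blah blah doesn't matter this is a comment \\",
    "pass in on blah blah doesn't matter because this is treated as part of the comment",
    "block in all # old rule \\",
    "pass in proto tcp \\",
    "    to port 22",
    "pass out all \\",
    "    keep state",
    "block log all",
])

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = swallowed_lines(text)
    for origin, lineno, line in hits:
        print(f"line {lineno} swallowed by comment on line {origin}: {line.strip()}")
    sys.exit(1 if hits else 0)
```

Run it against the ruleset before pfctl -f; a non-zero exit means at least one line will be read as part of a comment.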
