diff options
author | Philipp Buehler <pb@cvs.openbsd.org> | 2002-10-27 13:57:00 +0000 |
---|---|---|
committer | Philipp Buehler <pb@cvs.openbsd.org> | 2002-10-27 13:57:00 +0000 |
commit | 06d4aa824c3d10e117fc7895acc97f9d9f356b4a (patch) | |
tree | 8edcc88bbb183e2833760f7280e1e06ea6f4792e | |
parent | 3b5c4eec0494938447cc0b0dcbb63a624ccc668e (diff) |
Remove 'flags X' syntax, if people make heavy use of X/FOOBAR, they
chould use macros, e.g.
tcpinit="S/SAFR"
pass in ... flags $tcpinit
-rw-r--r-- | share/man/man5/pf.conf.5 | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 3827b3fd9c9..d7406de8f1c 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.98 2002/10/14 19:37:51 deraadt Exp $ +.\" $OpenBSD: pf.conf.5,v 1.99 2002/10/27 13:56:59 pb Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -461,7 +461,7 @@ connections: block out proto { tcp, udp } all pass out proto { tcp, udp } all user { < 1000, dhartmei } keep state .Ed -.Ss flags <a> | <a>/<b> | /<b> +.Ss flags <a>/<b> | /<b> The rule only applies to TCP packets that have the flags <a> set out of set <b>. Flags not specified in <b> are ignored. @@ -475,11 +475,6 @@ The other flags are ignored. Of SYN and ACK, exactly SYN is set. SYN, SYN+PSH, SYN+RST match, but SYN+ACK, ACK and ACK+RST don't. This is more restrictive than the previous example. -.It Em flags S -If the second set is not specified, it defaults to FSRPAUEW. -Hence, only packets with SYN set and all other flags unset match this -rule. -This is more restrictive than the previous example. .It Em flags /SFRA If the first set is not specified, it defaults to none. All of SYN, FIN, RST and ACK must be unset. |