summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilipp Buehler <pb@cvs.openbsd.org>2002-10-27 13:57:00 +0000
committerPhilipp Buehler <pb@cvs.openbsd.org>2002-10-27 13:57:00 +0000
commit06d4aa824c3d10e117fc7895acc97f9d9f356b4a (patch)
tree8edcc88bbb183e2833760f7280e1e06ea6f4792e
parent3b5c4eec0494938447cc0b0dcbb63a624ccc668e (diff)
Remove 'flags X' syntax, if people make heavy use of X/FOOBAR, they
chould use macros, e.g. tcpinit="S/SAFR" pass in ... flags $tcpinit
-rw-r--r--share/man/man5/pf.conf.59
1 files changed, 2 insertions, 7 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 3827b3fd9c9..d7406de8f1c 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.98 2002/10/14 19:37:51 deraadt Exp $
+.\" $OpenBSD: pf.conf.5,v 1.99 2002/10/27 13:56:59 pb Exp $
.\"
.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
@@ -461,7 +461,7 @@ connections:
block out proto { tcp, udp } all
pass out proto { tcp, udp } all user { < 1000, dhartmei } keep state
.Ed
-.Ss flags <a> | <a>/<b> | /<b>
+.Ss flags <a>/<b> | /<b>
The rule only applies to TCP packets that have the flags <a> set
out of set <b>.
Flags not specified in <b> are ignored.
@@ -475,11 +475,6 @@ The other flags are ignored.
Of SYN and ACK, exactly SYN is set.
SYN, SYN+PSH, SYN+RST match, but SYN+ACK, ACK and ACK+RST don't.
This is more restrictive than the previous example.
-.It Em flags S
-If the second set is not specified, it defaults to FSRPAUEW.
-Hence, only packets with SYN set and all other flags unset match this
-rule.
-This is more restrictive than the previous example.
.It Em flags /SFRA
If the first set is not specified, it defaults to none.
All of SYN, FIN, RST and ACK must be unset.