diff options
| author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2020-01-17 09:07:36 +0000 |
|---|---|---|
| committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2020-01-17 09:07:36 +0000 |
| commit | 6a33073f11078e29f3e94a5753c4f60a6f6e9b9b (patch) | |
| tree | 3d1ef21c5e0261d33f9e3d5ca228bd528c60f9d8 | |
| parent | c4cd1c402516544e205df141969430cb5b0d0039 (diff) | |
- pf.conf(5) should clearly state range match operator ':'
does not work for uid/gid.
OK @kn, OK @sthen
| -rw-r--r-- | share/man/man5/pf.conf.5 | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 452a15d1cfd..1bea8ddd2be 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.582 2019/10/23 23:02:55 kn Exp $ +.\" $OpenBSD: pf.conf.5,v 1.583 2020/01/17 09:07:35 sashan Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" Copyright (c) 2003 - 2013 Henning Brauer <henning@openbsd.org> @@ -28,7 +28,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 23 2019 $ +.Dd $Mdocdate: January 17 2020 $ .Dt PF.CONF 5 .Os .Sh NAME @@ -820,6 +820,21 @@ connections: block out proto tcp all pass out proto tcp from self user { < 1000, dhartmei } .Ed +.Pp +The example below permits users with uid between 1000 and 1500 +to open connections: +.Bd -literal -offset indent +block out proto tcp all +pass out proto tcp from self user { 999 >< 1501 } +.Ed +.Pp +The +.Sq \&: +operator, which works for port number matching, does not work for +.Cm user +and +.Cm group +match. .El .Ss Translation Translation options modify either the source or destination address and |