diff options
| author | Michael Shalayeff <mickey@cvs.openbsd.org> | 2002-03-27 18:16:24 +0000 |
|---|---|---|
| committer | Michael Shalayeff <mickey@cvs.openbsd.org> | 2002-03-27 18:16:24 +0000 |
| commit | f5b5f9a9d79ac00b898f03754f8633d88a7da65e (patch) | |
| tree | 7b2124304dd57c38560864fefe926e31ef5f4fde /regress/sbin/pfctl/pf2.in | |
| parent | 0383b042ec78518838e9c7faf713ed09c8414734 (diff) | |
implement a "no-route" keyword.
usage semantics are analogous w/ "any", meaning is
"any ip address for which there is no route in the
current routing table", could be used in both from and to.
typical usage would be (assuming symmetrical routing):
block in from no-route to any
also doc "any" in the pf.conf.5, include in regress, etc.
tested by me on i386 and sparc.
dhartmei@ and frantzen@ ok
Diffstat (limited to 'regress/sbin/pfctl/pf2.in')
| -rw-r--r-- | regress/sbin/pfctl/pf2.in | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/regress/sbin/pfctl/pf2.in b/regress/sbin/pfctl/pf2.in index ba509ebec67..2d1193167a9 100644 --- a/regress/sbin/pfctl/pf2.in +++ b/regress/sbin/pfctl/pf2.in @@ -17,6 +17,8 @@ block in log quick on tun0 from 172.16.0.0/12 to any block in log quick on tun0 from 192.168.0.0/16 to any block in log quick on tun0 from 255.255.255.255/32 to any +block in log quick from no-route to any + pass out on tun0 inet proto icmp all icmp-type 8 code 0 keep state pass in on tun0 inet proto icmp all icmp-type 8 code 0 keep state |