summaryrefslogtreecommitdiff
path: root/share/man/man5
diff options
context:
space:
mode:
authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-01-09 11:30:54 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-01-09 11:30:54 +0000
commit24c495a51bf0769c932f77a566a88fb4369beeff (patch)
tree4a27c4a783e0c72597d1192336cafb512205b87f /share/man/man5
parent81cdc565c9c7e4b8822f9e0a282681dd86d76d27 (diff)
Add labels to rules. These are arbitrary names (not to be confused with
tags that will be used to tag packets later on). Add pfctl -z to clear per-rule counters. Add pfctl -s labels to output per-rule counters in terse format and only for rules that have labels. Suggested by Henning Brauer.
Diffstat (limited to 'share/man/man5')
-rw-r--r--share/man/man5/pf.conf.510
1 files changed, 8 insertions, 2 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 0db1d6a94ff..1731cf2708a 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.28 2001/12/07 20:36:17 beck Exp $
+.\" $OpenBSD: pf.conf.5,v 1.29 2002/01/09 11:30:53 dhartmei Exp $
.\"
.\" Copyright (c) 2001, Daniel Hartmeier
.\" All rights reserved.
@@ -51,7 +51,8 @@ rule = action ( "in" | "out" )
hosts
[ flags ] ( [ icmp-type ] | [ ipv6-icmp-type ] )
[ "keep state" ] [ "modulate state" ]
- [ "no-df" ] [ "min-ttl" number ] [ "allow-opts" ] .
+ [ "no-df" ] [ "min-ttl" number ] [ "allow-opts" ]
+ [ "label" string ] .
action = "pass" | "block" [ return ] | "scrub" .
return = "return-rst" |
@@ -294,6 +295,11 @@ The implicit
.Em pass
rule that is used when a packet doesn't match any rules does not
allow IP options.
+.Ss label <string>
+Adds a label (name) to the rule, which can be used to identify the rule.
+For instance,
+.Em pfctl -s labels
+shows per-rule statistics for rules that have labels.
.Sh MACROS
.Em pfctl
supports macro definition and expansion like: