diff options
author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-01-09 11:30:54 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-01-09 11:30:54 +0000 |
commit | 24c495a51bf0769c932f77a566a88fb4369beeff (patch) | |
tree | 4a27c4a783e0c72597d1192336cafb512205b87f /share/man/man5 | |
parent | 81cdc565c9c7e4b8822f9e0a282681dd86d76d27 (diff) |
Add labels to rules. These are arbitrary names (not to be confused with
tags that will be used to tag packets later on). Add pfctl -z to clear
per-rule counters. Add pfctl -s labels to output per-rule counters in
terse format and only for rules that have labels. Suggested by
Henning Brauer.
Diffstat (limited to 'share/man/man5')
-rw-r--r-- | share/man/man5/pf.conf.5 | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 0db1d6a94ff..1731cf2708a 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.28 2001/12/07 20:36:17 beck Exp $ +.\" $OpenBSD: pf.conf.5,v 1.29 2002/01/09 11:30:53 dhartmei Exp $ .\" .\" Copyright (c) 2001, Daniel Hartmeier .\" All rights reserved. @@ -51,7 +51,8 @@ rule = action ( "in" | "out" ) hosts [ flags ] ( [ icmp-type ] | [ ipv6-icmp-type ] ) [ "keep state" ] [ "modulate state" ] - [ "no-df" ] [ "min-ttl" number ] [ "allow-opts" ] . + [ "no-df" ] [ "min-ttl" number ] [ "allow-opts" ] + [ "label" string ] . action = "pass" | "block" [ return ] | "scrub" . return = "return-rst" | @@ -294,6 +295,11 @@ The implicit .Em pass rule that is used when a packet doesn't match any rules does not allow IP options. +.Ss label <string> +Adds a label (name) to the rule, which can be used to identify the rule. +For instance, +.Em pfctl -s labels +shows per-rule statistics for rules that have labels. .Sh MACROS .Em pfctl supports macro definition and expansion like: |