| Field | Value | Date |
|---|---|---|
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-12-22 17:17:57 +0000 |
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-12-22 17:17:57 +0000 |
| commit | 918b923f5bb7286ed02d9c5697215bdaab798030 | |
| tree | 4f1ec81115f88bfb563ac6e9a8c5293d235e3336 /share/man | |
| parent | 876705771ce25a4fde66ddfeeaed78e36c2522fa | |

Introduce 'set skip on <ifspec>' to support a list of interfaces where no
packet filtering should occur (like loopback, for instance).
Code from Max Laier, with minor improvements based on feedback from
deraadt@. ok mcbride@, henning@
Diffstat (limited to 'share/man')
-rw-r--r-- | share/man/man4/pf.4 | 15 |
-rw-r--r-- | share/man/man5/pf.conf.5 | 12 |
2 files changed, 25 insertions, 2 deletions
diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 index a321d972b0b..a394627c016 100644 --- a/share/man/man4/pf.4 +++ b/share/man/man4/pf.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.4,v 1.53 2004/12/10 03:29:02 jaredy Exp $ +.\" $OpenBSD: pf.4,v 1.54 2004/12/22 17:17:55 dhartmei Exp $ .\" .\" Copyright (C) 2001, Kjell Wooding. All rights reserved. .\" @@ -1013,6 +1013,19 @@ The filtering process is the same as for .Va pfiio_nzero will be set by the kernel to the number of interfaces and drivers that have been cleared. +.It Dv DIOCSETIFFLAG Fa "struct pfioc_iface *io" +Set the user setable flags (described below) of the pf internal interface +description. +The filtering process is the same as for +.Dv DIOCIGETIFACES . +.Bd -literal +#define PFI_IFLAG_SKIP 0x0100 /* skip interface */ +#define PFI_IFLAG_SETABLE_MASK 0x0100 /* mask */ +.Ed +.It Dv DIOCCLRIFFLAG Fa "struct pfioc_iface *io" +Works as +.Dv DIOCSETIFFLAG +above but clears the flags. .El .Sh FILES .Bl -tag -width /dev/pf -compact diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index e9b181ee9df..762534c7ab7 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.319 2004/12/22 00:59:26 david Exp $ +.\" $OpenBSD: pf.conf.5,v 1.320 2004/12/22 17:17:56 dhartmei Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -483,6 +483,16 @@ For example: .Pp .Dl set fingerprints \&"/etc/pf.os.devel\&" .Pp +.It Ar set skip on <ifspec> +List interfaces for which packets should not be filtered. +Packets passing in or out on such interfaces are passed as if pf was +disabled, i.e. pf does not process them in any way. +This can be useful on loopback and other virtual interfaces, when +packet filtering is not desired and can have unexpected effects. +For example: +.Pp +.Dl set skip on lo0 +.Pp .It Ar set debug Set the debug .Ar level |
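
Review bot: In the pf.4 hunk at -1013,6 +1013,19, the DIOCSETIFFLAG entry does not say which member of struct pfioc_iface carries the flags, nor what the ioctl does when a caller passes bits outside PFI_IFLAG_SETABLE_MASK (an error, or silent masking). Because PFI_IFLAG_SKIP turns filtering off for an interface, both points should be documented so a caller can tell whether the request took effect as intended. Two wording points in the same entry: "described below" refers to the #define block that follows immediately, so "listed below" reads better, and "setable" in the prose should be "settable" (the macro name stays as it is).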
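
Review bot: In the pf.conf.5 hunk at -483,6 +483,16, the "set skip on <ifspec>" entry begins "List interfaces ..." but the only example is ".Dl set skip on lo0"; add an example of the list form or describe what <ifspec> accepts. The clause "when packet filtering is not desired and can have unexpected effects" is ambiguous about what has the unexpected effects; "where packet filtering is not desired and could have unexpected effects" would be clearer, and "as if pf was disabled" should read "as if pf were disabled". Since the text states that "pf does not process them in any way", it is also worth adding that rules naming a skipped interface never apply to its traffic, so a reader auditing a ruleset does not assume those rules are still enforced.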