summaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2006-05-01 12:24:33 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2006-05-01 12:24:33 +0000
commit0602e6ca5663c8ef4184a6415a47af6df8febc2b (patch)
treed93a53bd9c1583ae5f06b93ec74e57f8d96fd118 /share
parente5dcd761dfbdca3ece3047d0262611c8a8757f85 (diff)
add support for "tagged {}" lists, from Pierre-Yves Ritschard
Diffstat (limited to 'share')
-rw-r--r--share/man/man5/pf.conf.58
1 files changed, 5 insertions, 3 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 4157afe870d..192b4d646c1 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.343 2006/04/30 10:12:21 jmc Exp $
+.\" $OpenBSD: pf.conf.5,v 1.344 2006/05/01 12:24:32 dhartmei Exp $
.\"
.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
@@ -1605,13 +1605,14 @@ rules in addition to filter rules.
Tags take the same macros as labels (see above).
.It Ar tagged Aq Ar string
Used with filter or translation rules to specify that packets must already
-be tagged with the given tag in order to match the rule.
-Inverse tag matching can also be done
+be tagged with any of the given tags in order to match the rule.
+If only one tag is given, inverse tag matching can also be done
by specifying the
.Cm !\&
operator before the
.Ar tagged
keyword.
+A list of tags cannot be negated as it would expand to a useless rule.
.It Ar probability Aq Ar number
A probability attribute can be attached to a rule, with a value set between
0 and 1, bounds not included.
@@ -2688,6 +2689,7 @@ filteropt = user | group | flags | icmp-type | icmp6-type | tos |
"max-mss" number | "random-id" | "reassemble tcp" |
fragmentation | "allow-opts" |
"label" string | "tag" string | [ ! ] "tagged" string |
+ "tagged" "{" string [ [ "," ] string ] "}" |
"queue" ( string | "(" string [ [ "," ] string ] ")" ) |
"probability" number"%"