diff options
author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2006-05-01 12:24:33 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2006-05-01 12:24:33 +0000 |
commit | 0602e6ca5663c8ef4184a6415a47af6df8febc2b (patch) | |
tree | d93a53bd9c1583ae5f06b93ec74e57f8d96fd118 /share | |
parent | e5dcd761dfbdca3ece3047d0262611c8a8757f85 (diff) |
add support for "tagged {}" lists, from Pierre-Yves Ritschard
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man5/pf.conf.5 | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 4157afe870d..192b4d646c1 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.343 2006/04/30 10:12:21 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.344 2006/05/01 12:24:32 dhartmei Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -1605,13 +1605,14 @@ rules in addition to filter rules. Tags take the same macros as labels (see above). .It Ar tagged Aq Ar string Used with filter or translation rules to specify that packets must already -be tagged with the given tag in order to match the rule. -Inverse tag matching can also be done +be tagged with any of the given tags in order to match the rule. +If only one tag is given, inverse tag matching can also be done by specifying the .Cm !\& operator before the .Ar tagged keyword. +A list of tags cannot be negated as it would expand to a useless rule. .It Ar probability Aq Ar number A probability attribute can be attached to a rule, with a value set between 0 and 1, bounds not included. @@ -2688,6 +2689,7 @@ filteropt = user | group | flags | icmp-type | icmp6-type | tos | "max-mss" number | "random-id" | "reassemble tcp" | fragmentation | "allow-opts" | "label" string | "tag" string | [ ! ] "tagged" string | + "tagged" "{" string [ [ "," ] string ] "}" | "queue" ( string | "(" string [ [ "," ] string ] ")" ) | "probability" number"%" |