From 06d4aa824c3d10e117fc7895acc97f9d9f356b4a Mon Sep 17 00:00:00 2001 From: Philipp Buehler Date: Sun, 27 Oct 2002 13:57:00 +0000 Subject: Remove 'flags X' syntax, if people make heavy use of X/FOOBAR, they chould use macros, e.g. tcpinit="S/SAFR" pass in ... flags $tcpinit --- share/man/man5/pf.conf.5 | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 3827b3fd9c9..d7406de8f1c 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.98 2002/10/14 19:37:51 deraadt Exp $ +.\" $OpenBSD: pf.conf.5,v 1.99 2002/10/27 13:56:59 pb Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -461,7 +461,7 @@ connections: block out proto { tcp, udp } all pass out proto { tcp, udp } all user { < 1000, dhartmei } keep state .Ed -.Ss flags | / | / +.Ss flags / | / The rule only applies to TCP packets that have the flags set out of set . Flags not specified in are ignored. @@ -475,11 +475,6 @@ The other flags are ignored. Of SYN and ACK, exactly SYN is set. SYN, SYN+PSH, SYN+RST match, but SYN+ACK, ACK and ACK+RST don't. This is more restrictive than the previous example. -.It Em flags S -If the second set is not specified, it defaults to FSRPAUEW. -Hence, only packets with SYN set and all other flags unset match this -rule. -This is more restrictive than the previous example. .It Em flags /SFRA If the first set is not specified, it defaults to none. All of SYN, FIN, RST and ACK must be unset. -- cgit v1.2.3