kern/119661: [pf] "queue (someq, empy_acks)" doesn't work
clemens fischer
ino-news at spotteswoode.dnsalias.org
Mon Jan 14 11:30:03 PST 2008
The following reply was made to PR kern/119661; it has been noted by GNATS.
From: clemens fischer <ino-news at spotteswoode.dnsalias.org>
To: bug-followup at freebsd.org, ino-news at spotteswoode.dnsalias.org
Cc:
Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work
Date: Mon, 14 Jan 2008 20:02:47 +0100

as it turns out, the BNF in pf.conf(5) is wrong and the rule listing by
"pfctl -sa" gets it wrong, too. the former doesn't imply a particular
order of filter options and the latter displays them in a way that
cannot be specified as input in etc/pf.conf.

to get:

  pass out log (all) proto tcp from any to any flags S/SA modulate state \
      label "27: outbound tcp keep state" \
      queue(interactive, tcp_ack)

you must write:

  pass out log (all) proto tcp from any to any modulate state \
      queue (interactive, tcp_ack) \
      label "$nr: outbound $proto keep state"

if you reverse the order of "queue (...)" and "label ...", the rule
doesn't get parsed at all with no error report.

regards, clemens