git: 5606ac2fcadf - main - pf.conf.5, pfctl.8: update to PF pfctl(8) and pf.conf(5) manpages

Mon, 07 Jul 2025 08:10:22 -0700 

The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=5606ac2fcadf801fc5485c3326fc678e77eab377

commit 5606ac2fcadf801fc5485c3326fc678e77eab377
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-02 16:25:56 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-07 15:06:51 +0000

    pf.conf.5, pfctl.8: update to PF pfctl(8) and pf.conf(5) manpages
    
    great input by Ingo, Jason and Klemens
    
    OK schwarze@, OK kn@, OK jmc@
    
    Obtained from:  OpenBSD, sashan <sas...@openbsd.org>, acd7255d6a
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.8       | 5 ++++-
 share/man/man5/pf.conf.5 | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 2391c1d1cd12..28efff896956 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -224,7 +224,10 @@ Flush the tables.
 .It Fl F Cm osfp
 Flush the passive operating system fingerprints.
 .It Fl F Cm Reset
-Reset limits, timeouts and options back to default settings.
+Reset limits, timeouts and other options back to default settings.
+See the OPTIONS section in
+.Xr pf.conf 5
+for details.
 .It Fl F Cm all
 Flush all of the above.
 .El
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 3c9706063a65..fe848b030484 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -27,7 +27,7 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 26, 2025
+.Dd July 2, 2025
 .Dt PF.CONF 5
 .Os
 .Sh NAME
@@ -542,6 +542,9 @@ an ICMP UNREACHABLE is returned for blocked UDP packets,
 and all other packets are silently dropped.
 .El
 .Pp
+The default value is
+.Cm drop .
+.Pp
 For example:
 .Bd -literal -offset indent
 set block-policy return
@@ -666,6 +669,8 @@ but can be overridden via this option.
 Setting this option may leave a small period of time where the fingerprints
 referenced by the currently active ruleset are inconsistent until the new
 ruleset finishes loading.
+The default location for fingerprints is
+.Pa /etc/pf.os .
 .Pp
 For example:
 .Pp

Reply via email to