I poked around some more and now my understanding is that the syntax for
using log tags should be something like:
pass in log level local.info first quick on fxp0 proto tcp from
any to any group 2 tag 137
I have tinkered around with dropping various optional 'tags' in the
rule, like group or first or quick, but still can't nail the syntax.
The above rule complains of a syntax error at 137. However, when I drop
the 137 and just have tag at the end of the line, ipf -F a -f
/etc/ipf.rules complains about an error on the next line after the tag.
So I think I'm close ...
BTW, is anyone using this functionality?
-jwb
