On Tue, Jun 26, 2012 at 12:36:25PM +0100, Ti Zed wrote:
> Hello,
> recently, I migrated an old pf_old.conf file (OpenBSD 4.4) to the new
> pf_new.conf grammar of OpenBSD 5.0. In the pf_old.conf there is a line with a
> user restriction "user <user>". As the old manpage of pf.conf states, just
> tcp/udp protocols are handled and others ignored. Which means, in the
> pf_old.conf the rules are loaded even without tcp/udp flags. With the new
> version, the tcp/udp flags have to be set in the rule, otherwise an error is
> thrown (see below) and the rules will not be loaded into the pf engine.
>
> ...
> user only applies to tcp/udo
> ... skipping rule due to errors
>
> Unfortunately
> this can lead to faults during a migration (without the knowledge of this
> fact). From my point of view, the manpage of pf.conf should be updated with
> the comment, that the option "user <user>" HAS TO BE bound to a protocol
> otherwise the rules will not be loaded.
>
> Kind regards
>
man page updated. thanks, jmc
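
An added example, not part of this thread and not OpenBSD code: a heuristic Python check for the migration problem reported above, listing rules that use `user` without binding the rule to tcp/udp. The sample ruleset and the user name `www` are constructed; macros are not expanded and a `#` inside a quoted string is not handled.

```python
import re

# Constructed sample in pf.conf syntax; the user name "www" is a placeholder.
SAMPLE = """\
# migrated from the 4.4 ruleset
block out log all user www
pass out proto tcp all user www
pass out proto { tcp, udp } \\
    from any to any user www
pass in proto icmp all user www
pass in on em0 proto tcp to port 22
"""

RULE_ACTIONS = ("pass", "block", "match")

def logical_lines(text):
    """Yield (first_line_no, rule): comments stripped, '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None

def protocols(rule):
    """Return the protocol names listed after 'proto' (empty set if none)."""
    m = re.search(r"\bproto\s+(\{[^}]*\}|\S+)", rule)
    return set(re.findall(r"[\w-]+", m.group(1))) if m else set()

def unbound_user_rules(text):
    """Rules with a 'user' restriction whose proto is missing or not tcp/udp only."""
    findings = []
    for no, rule in logical_lines(text):
        if rule.split()[0] not in RULE_ACTIONS or not re.search(r"\buser\b", rule):
            continue
        protos = protocols(rule)
        if not protos or not protos <= {"tcp", "udp"}:
            findings.append((no, rule))
    return findings

if __name__ == "__main__":
    for no, rule in unbound_user_rules(SAMPLE):
        print(f"line {no}: 'user' not bound to tcp/udp: {rule}")
```

Parsing the migrated file with `pfctl -nf` remains the authoritative check; a skipped `block` rule is the case worth looking for first, since the traffic it was meant to stop is then no longer filtered by it.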

