On Fri, Jul 17, 2009 at 09:59:51AM +0200, Holger Glaess wrote:
| hi
|
| as a result of misconfiguration I found a line
| with just a "pass".
|
| why did the pfctl syntax parser not detect a single lonely pass?
|
| is this command first valid if it has options, parameters like
| on interface from a to b?

Not quite sure what you are complaining about, but a single line with
'pass' is perfectly valid syntax. It's in a lot of my rulesets, the
default ruleset has it too. Of course, I have it as the first rule so
later rules can override it with more specific parameters (also in the
default ruleset, see the 'block in on ! lo0 proto tcp to port
6000:6010'-rule).

| in my mind the parser has to bring at least a warning that it kills all
| block rules that you have.

Why should the parser warn you when you write valid syntax?

| is this a bug? a missing feature?

Neither. Works as intended. Unless, of course, I misunderstood what
you are complaining about.
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
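
The override behaviour discussed in this message, as an added example that is not part of the original e-mail or of pfctl: a small check that flags a bare `pass` placed below non-`quick` block rules, which last-match evaluation lets it override. The sample ruleset and function names are constructed for illustration; the check assumes one rule per line with no backslash continuations, anchors, or `#` inside quoted strings.

```python
# Constructed sample ruleset (not from the thread): a stray bare "pass"
# sits below a block rule that it silently overrides.
SAMPLE = """\
set skip on lo0
block in on ! lo0 proto tcp to port 6000:6010
block in quick on em0 from 10.0.0.0/8   # quick: evaluation stops here
pass        # stray catch-all
block in on em0 proto udp to port 53
"""


def filter_rules(text):
    """Yield (lineno, tokens) for pass/block rules, with comments stripped."""
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        if tokens and tokens[0] in ("pass", "block"):
            yield lineno, tokens


def shadowed_by_bare_pass(text):
    """Return [(pass_lineno, [block linenos it overrides])].

    pf applies the last matching rule unless a matching rule is marked
    'quick'. A bare 'pass' (or 'pass all') matches every packet, so it
    overrides every earlier block rule that lacks 'quick'.
    """
    findings, earlier_blocks = [], []
    for lineno, tokens in filter_rules(text):
        if tokens[0] == "block":
            if "quick" not in tokens:
                earlier_blocks.append(lineno)
        elif tokens in (["pass"], ["pass", "all"]) and earlier_blocks:
            findings.append((lineno, list(earlier_blocks)))
            earlier_blocks.clear()  # already reported for this pass
    return findings


if __name__ == "__main__":
    for pass_line, blocks in shadowed_by_bare_pass(SAMPLE):
        print(f"line {pass_line}: bare pass overrides block rules on lines {blocks}")
```

A bare `pass` as the first rule, as in the default ruleset mentioned above, produces no finding because no block rule precedes it.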