The wording here has always bugged me.
Attached is a patch against
.\" $OpenBSD: pf.conf.5,v 1.397 2008/05/19 14:57:31 markus Exp $
(Which should be cvs head.)
What prompted me to do this was page 60 of
'The Book of PF', "Once a packet has been tagged by a matching rule,
it can potentially be tagged by all other matching rules too, not
just the last one." which implies (to me) that a packet can have
more than one tag. An incorrect implication.
As long as I'm playing editor... On page xvii, the Preface
of 'The Book of PF', it says "Instead, the interfaces are
assigned names that equal the driver name plus a sequence
number." Better would be "... the interface names are composed of
the driver name followed by a sequence number." Or more simply "...
interfaces are given names made from the driver name and a
sequence number."
And finally, the same paragraph ends with "Quite logical, really, and
you will find this system easy to get used to." IMHO this
sentence is better left off, considering that the book repeatedly
revisits how to replace the driver-specific name with something
more abstract. Or maybe "get used to" is the wrong phrase.
Something like "replace where appropriate" would be more apt.
Regards,
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
--- pf.conf.5 2008-05-26 15:09:57.000000000 -0500
+++ pf.conf.5.new 2008-05-26 15:11:36.000000000 -0500
@@ -1811,7 +1811,7 @@
meaning that the packet will be tagged even if the rule
is not the last matching rule.
Further matching rules can replace the tag with a
-new one but will not remove a previously applied tag.
+new one but cannot untag a packet already tagged.
A packet is only ever assigned one tag at a time.
Packet tagging can be done during
.Ar nat ,
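Review bot: On the added line, "untag" is a coined verb that the surrounding manual text does not use, and "cannot untag a packet already tagged" can be read as ruling out replacement too, which the preceding context line ("Further matching rules can replace the tag with a") explicitly allows. Consider keeping the noun form the page already uses, for example "new one, but a tag, once applied, can only be replaced, never removed." The next context line, "A packet is only ever assigned one tag at a time.", already states the single-tag point, so the changed sentence only needs to cover removal. The file headers also name bare pf.conf.5 and pf.conf.5.new with no source-tree path; a diff generated from the tree root would be easier to apply.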