hi
as an result of missconfiguration i found a line
with just an pass.
why did not detect the pfctl syntax parser a single lonely pass ?
is this commando first valid if they have options , parameter like
on interface from a to b ?
in my mind the parser have to bring at least a warning it
On 2009-07-17, Holger Glaess gla...@glaessixs.de wrote:
hi
as an result of missconfiguration i found a line
with just an pass.
why did not detect the pfctl syntax parser a single lonely pass ?
is this commando first valid if they have options , parameter like
on interface from a to b ?
On Fri, Jul 17, 2009 at 09:59:51AM +0200, Holger Glaess wrote:
hi
as an result of missconfiguration i found a line
with just an pass.
why did not detect the pfctl syntax parser a single lonely pass ?
is this commando first valid if they have options , parameter like
on interface from
On Fri, Jul 17, 2009 at 09:59:51AM +0200, Holger Glaess wrote:
| hi
|
| as an result of missconfiguration i found a line
| with just an pass.
|
| why did not detect the pfctl syntax parser a single lonely pass ?
|
| is this commando first valid if they have options , parameter like
| on
On Fri, Jul 17, 2009 at 09:59:51AM +0200, Holger Glaess wrote:
hi
as an result of missconfiguration i found a line
with just an pass.
why did not detect the pfctl syntax parser a single lonely pass ?
is this commando first valid if they have options , parameter like
on interface from a
On Fri, Jul 17, 2009 at 10:35:03AM +0200, Holger Glaess wrote:
| sorry ... for my bad ugly english i have less practice .
|
|
| i talk about from a line with just pass nothing else.
|
|
| example.
|
| pf.conf -
|
|
| block in on wan all
| block out on wan all
|
| # correct
On Fri, Jul 17, 2009 at 10:35:03AM +0200, Holger Glaess wrote:
| sorry ... for my bad ugly english i have less practice .
|
|
| i talk about from a line with just pass nothing else.
|
|
| example.
|
| pf.conf -
|
|
| block in on wan all
| block out on wan all
|
| #
On Fri, Jul 17, 2009 at 11:11:22AM +0200, Holger Glaess wrote:
| you are right but i think it is really helpful if pfctl give an
| warning if he found those kind of line that you can decide if this
| rule to want or a miss typo that have to be correct.
And the next guy wants a warning when you
Holger, we should adhere to KISS principle.
So, pf rulesets are fine like they are if they are working as expected,
and this is our case. If you're missing some warning feature maybe you
would try to write an aux app -` la lint for C- that could parse a
pf.conf and look for suspect behaviour.
On 2009-07-17, Paul de Weerd we...@weirdnet.nl wrote:
You wouldn't complain if you put a 'rm -f /' at the end of
/etc/rc.local, now would you ? You won't get a warning for it either.
that can be fixed.
Index: rm.c
===
RCS file:
You wouldn't complain if you put a 'rm -f /' at the end of
/etc/rc.local, now would you ? You won't get a warning for it either.
that can be fixed.
Index: rm.c
===
RCS file: /cvs/src/bin/rm/rm.c,v
retrieving revision 1.22
11 matches
Mail list logo
