Actually I think the problem is not with the tag/tagged. It comes from the rule that If it is a quick one or not. When the rule is not quick it won't be matched with the tagged one for updating the tag value.If it is quick it will never see the next rule which is going to check the new tag value. It will be very hard for the parser to fire an accurate alarm in these cases.
On Jan 31, 2018 09:01, "S. Donaldson" <donald...@sedsystems.ca> wrote: > Hi, > > Ran into a user error situation that perhaps the pf ruleset parser > could help with. > > I was working on rules and using tag/tagged and the rule that > should have 'applied' a tag used 'tagged value' instead of 'tag value'. > Thus the tag was never set and the subsequent 'pass .... tagged value' rule > never fired. > > It seems that tag references are not dynamically defined [ unless > perhaps they are used in authpf scenarios? ]. Would it make sense for the > parser to issue a warning if a 'tagged value' references appear but no > defining 'tag value' is found in a ruleset? > > > Scott Donaldson > Saskatoon, SK > Canada > >
