Hi,
seeing this in the manpage
--8<--
+.It Fl F Cm Reset
+Reset limits, timeouts and options back to default settings.
-->8--
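Review bot: the added description line says "options" without saying which ones, so a reader cannot tell whether every entry under OPTIONS in pf.conf(5) is covered. Suggest naming the settings that Reset touches, or stating explicitly which ones it leaves alone.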
would make me believe
On 02.04.2019 12:06, Klemens Nanni wrote:
On Tue, Apr 02, 2019 at 11:28:43AM +0200, Petr Hoffmann wrote:
would make me believe everything mentioned as OPTIONS in pf.conf(5) is about
to be reset. I see e.g. the debug level is reset, but what about the other
stuff like fingerprints, 'skip
Hi,
I noticed it is possible to specify an invalid netmask,
e.g. 1.1.1.1/10/20 and still get the address loaded into a table. I
conjecture this was introduced by the following change:
a7ede25358dad545e0342d2a9f8ef6ce68c6df66
Zap bits in host_v4(), use mask parameter
It looks like the author
Hi,
I noticed that pfctl says 'once' can be used only with pass/block rules,
but it is not true - it can't for block but can for anchor rules:
--8<---
# echo 'block once' | pfctl -f -
stdin:1: 'once' only applies to pass/block rules
Klemens Nanni writes:
> Thanks! Diff makes sense, see comments inline. I confirm that this
> restores intended behaviour and regress is fine as well.
>
> With those addressed OK kn; or I take care of it after getting an OK.
> sashan?
Thanks for pointing to the details. Fixed now:
diff --git
Sorry, my MUA replaced tabs with spaces in the patch I sent
previously. Find the correct one below:
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index e8dd97f6222..e55b2893069 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -354,7 +354,7 @@ struct pfctl_watermarks
Hi,
I noticed pfctl crashes with a segfault when anchors go too deep:
--8<---
$ cat ~/pf.conf | head -5
anchor foo {
anchor foo {
anchor foo {
anchor foo {
anchor foo {
$ grep anchor ~/pf.conf | wc -l
66
$ /sbin/pfctl -nf ~/pf.conf
Segmentation fault (core