On Tue, Dec 25, 2018 at 07:19:21PM +0100, Sebastian Benoit wrote:
> that said, if we want this, we might want to have pfctl print a warning for
> a release cycle because it can impact the reachability of a machine. Like we
> do with ifconfig vlanid/parent changes.
Keep the behaviour in 6.4
On Tue, Dec 25, 2018 at 10:19:35AM -0700, Theo de Raadt wrote:
> I have always disliked the reliance on include, because errors detected
> during parse are poorly handled. Garbage format in the file will adjust
> the global scope and the parser is clueless to cope well.
Can you elaborate on this?
Sebastian Benoit(be...@openbsd.org) on 2018.12.25 18:13:27 +0100:
> Klemens Nanni(k...@openbsd.org) on 2018.12.25 17:33:00 +0100:
> > From pf.conf(5):
> >
> > The anchor can also be populated by adding a load anchor rule after the
> > anchor rule. When pfctl(8) loads pf.conf, it will
>When that commit was done in 2016, there should have been a commit to
>current.html telling people tochange syntax. Both as a warning of a upcoming
>change and as a reminder for us to remove the old syntax after release
>(6.0?).
I have always disliked the reliance on include, because errors
Klemens Nanni(k...@openbsd.org) on 2018.12.25 17:33:00 +0100:
> From pf.conf(5):
>
> The anchor can also be populated by adding a load anchor rule after the
> anchor rule. When pfctl(8) loads pf.conf, it will also load all the
> rules from the file /etc/pf-spam.conf into the
>From pf.conf(5):
The anchor can also be populated by adding a load anchor rule after the
anchor rule. When pfctl(8) loads pf.conf, it will also load all the
rules from the file /etc/pf-spam.conf into the anchor.
anchor spam
load anchor