On Sat, May 30, 2009 at 11:02:44AM +0100, Federico G. Schwindt wrote:
> > > > as an argument. can it really do that? even if it can, the quoting still
> > > > looks incorrect.
> > > 
> > >   yes, it's like that.  how the quote will be in the case of:
> > > 
> > >   return-rst(ttl 20)

        "return-rst" [ "(" "ttl" number ")" ]

> > > 
> > 
> > so the document is currently incorrect? we need to document this?
> 
>   yes, this is not mentioned and should be added, but the syntax is
> correct.
>  

ok, diff below. it is a little problematic, since we do not show the
exact syntax, but adding it would be even uglier.

> > > > second, can return-icmp really take an icmp6code as an argument? is that
> > > > what the syntax is saying?
> > > 
> > >   yes, it can take a second argument.
> > > 
> > 
> > yes, but can it take an argument of an icmp*6* code? i know return-icmp
> > can take an icmp code, and return-icmp6 can take an icmp6 code, but
> > return-icmp can take a 6 code (or vice versa)? surely that is wrong.
> 
>   yes, there are 3 variants for return-icmp and 2 for return-icmp6.
>   return-icmp and return-icmp6 set both icmp and icmp6 in all of their
> incarnations. they will apply the defaults if the argument is not
> passed/needed, while only return-icmp can take both, icmp and icmp6
> parameters.
> 

i don't really understand that, but if you're sure it's right, that's
fine.

this ok then?
jmc

Index: pf.conf.5
===================================================================
RCS file: /cvs/src/share/man/man5/pf.conf.5,v
retrieving revision 1.442
diff -u -r1.442 pf.conf.5
--- pf.conf.5   1 May 2009 09:01:26 -0000       1.442
+++ pf.conf.5   30 May 2009 11:59:27 -0000
@@ -955,6 +955,9 @@
 .It Ar return-rst
 This applies only to TCP packets,
 and issues a TCP RST which closes the connection.
+An optional parameter,
+.Ar ttl ,
+may be given with a TTL value.
 .El
 .Pp
 Options returning ICMP packets currently have no effect if
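
Review bot: The added sentence after "issues a TCP RST which closes the connection." names the ttl parameter but not how it is written, so a reader has to go to the grammar at the end of the page to learn that it is enclosed in parentheses after return-rst. Consider saying so in the sentence itself, and stating that the value is the TTL of the RST that is issued, since "a TTL value" alone does not say which packet it applies to.
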
@@ -2695,7 +2698,8 @@
 bandwidth-spec = "number" ( "b" | "Kb" | "Mb" | "Gb" | "%" )
 
 action         = "pass" | "match" | "block" [ return ]
-return         = "drop" | "return" | "return-rst" [ "( ttl" number ")" ] |
+return         = "drop" | "return" |
+                 "return-rst" [ "(" "ttl" number ")" ] |
                  "return-icmp" [ "(" icmpcode [ [ "," ] icmp6code ] ")" ] |
                  "return-icmp6" [ "(" icmp6code ")" ]
 icmpcode       = ( icmp-code-name | icmp-code-number )
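
Review bot: The context line for bandwidth-spec at the top of this hunk still writes "number" in quotes, which makes it read as a literal terminal, while the corrected return-rst line uses number unquoted as a non-terminal. That is the same kind of quoting slip as the "( ttl" being fixed here, so it is worth correcting in the same commit. The split into "(" "ttl" number ")" itself now matches the quoting of the return-icmp and return-icmp6 alternatives below it.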
