On Wed, 22 Dec 2010 09:03:57 +0100 Henning Brauer <[email protected]> wrote:
> * Thomas Pfaff <[email protected]> [2010-12-21 22:19]: [...] > > 2) pf.conf(5) says "set debug" can be one of loud, misc, none, or urgent > > but if you "set debug loud" in pf.conf and load it the pfctl -sa output > > will say "Debug: debug", or if you "set debug misc" it will say "Debug: > > notice". It does not say what you set in pf.conf. > > > > 3) pfctl(8) -x option lets you set one of emerg, alert, crit, err, > > warning, notice, info, or debug. These will show up by their correct > > name in pfctl -sa output. They're also valid names in pf.conf so > > should they not also be mentioned in pf.conf(5)? > > yes. ryan cleaned that up big time to use syslog-like levels (i. e. > your case 3). apparently we missed a few cases of the old ones (misc, > loud etc). > So the names in 2) should be removed from the pf.conf man page and the names in 3) should be added, then? How about something like this (text is mostly a copy of that in the pfctl man page for the -x option): Index: pf.conf.5 =================================================================== RCS file: /cvs/src/share/man/man5/pf.conf.5,v retrieving revision 1.482 diff -u -p -r1.482 pf.conf.5 --- pf.conf.5 15 Dec 2010 14:06:05 -0000 1.482 +++ pf.conf.5 22 Dec 2010 20:48:49 -0000 @@ -981,20 +981,12 @@ an ICMP UNREACHABLE is returned for bloc and all other packets are silently dropped. .El .It Ar set debug -Set the debug -.Ar level -to one of the following: -.Pp -.Bl -tag -width xxxxxxxx -compact -.It Ar loud -Generate debug messages for common conditions. -.It Ar misc -Generate debug messages for various errors. -.It Ar none -Don't generate debug messages. -.It Ar urgent -Generate debug messages only for serious errors. -.El +Set the debug level which limits the severity of log messages printed by pf(4). +This should be a keyword from the following ordered list (highest to lowest): +emerg, alert, crit, err, warning, notice, info, and debug. +The last keyword, debug, must be quoted. +These keywords correspond to the similar (LOG_) values specified to the +syslog(3) library routine, and may be abbreviated. .It Ar set fingerprints Load fingerprints of known operating systems from the given filename. By default fingerprints of known operating systems are automatically
