On 2020/01/16 17:37, Alexandr Nedvedicky wrote:
> Hello,
>
> </snip>
> > > +of uids, which match the pass rule. The
> > New sentences on its own line. I'd say
> >
> > Note that users 1000 and 1500 are excluded from the pass rule.
> >
>
> Yes, new sentence on the new line, and your wording sounds better.
>
> > > +.Cm :
> > The port paragraph marks up those operators with Sq (single quotes),
> > we should be consistent here. Cm for user and group is correct, though.
>
> fixed.
>
> updated manpage is below.
>
> thanks and
> regards
> sashan
>
> --------8<---------------8<---------------8<------------------8<--------
> diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
> index 452a15d1cfd..fe99dc0c726 100644
> --- a/share/man/man5/pf.conf.5
> +++ b/share/man/man5/pf.conf.5
> @@ -820,6 +820,22 @@ connections:
> block out proto tcp all
> pass out proto tcp from self user { < 1000, dhartmei }
> .Ed
> +.Pp
> +The example below specifies a range of users to open outgoing
> +connections:
> +.Bd -literal -offset indent
> +block out proto tcp all
> +pass out proto tcp from self user { 1000 >< 1500 }
> +.Ed
> +.Pp
> +Note that users 1000 and 1500 are excluded from the pass rule.
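
Review bot: the added lead-in sentence ("The example below specifies a range of users to open outgoing connections") never says which uids the rule matches, and the only hint is the trailing note that 1000 and 1500 are excluded. Since "><" leaves out both bounds, "user { 1000 >< 1500 }" passes uids 1001 through 1499; naming that range in the lead-in (for example "permits users with uids 1001 through 1499 to open outgoing connections") would keep a reader from taking the bounds as inclusive and writing a pass rule that is off by one at either end. The current wording also reads as if the range itself opens connections, which "permits ... to open" would fix.
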
The last line above is a little hard to parse - I think a "positive
example" would be clearer, i.e. something like this:
.Pp
The example below permits users with uid between 1000 and 1500
to open connections:
.Bd -literal -offset indent
block out proto tcp all
pass out proto tcp from self user { 999 >< 1501 }
.Ed
.Pp
The
.Sq \&:
operator, which works for port number matching, does not work for
[...]