Hello,
</snip>
> > +.Pp
> > +Note that users 1000 and 1500 are excluded from the pass rule.
>
> The last line above is a little hard to parse - I think a "positive
> example" would be clearer, i.e. something like this:
>
> .Pp
> The example below permits users with uid between 1000 and 1500
> to open connections:
> .Bd -literal -offset indent
> block out proto tcp all
> pass out proto tcp from self user { 999 >< 1501 }
> .Ed
> .Pp
> The
> .Sq \&:
> operator, which works for port number matching, does not work for
> [...]
>
I like your suggestion, diff below fixes extra white space and
uses Stuart's wording.
thanks and
regards
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 452a15d1cfd..f847aa7fe32 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -820,6 +820,21 @@ connections:
block out proto tcp all
pass out proto tcp from self user { < 1000, dhartmei }
.Ed
+.Pp
+The example below permits users with uid between 1000 and 1500
+to open connections:
+.Bd -literal -offset indent
+block out proto tcp all
+pass out proto tcp from self user { 999 >< 1501 }
+.Ed
+.Pp
+The
+.Sq \&:
+operator, which works for port number matching, does not work for
+.Cm user
+and
+.Cm group
+match.
.El
.Ss Translation
Translation options modify either the source or destination address and
