Hello,
On Sun, May 08, 2022 at 08:06:57PM +0200, Alexander Bluhm wrote:
> On Sun, May 08, 2022 at 06:37:57PM +0200, Alexandr Nedvedicky wrote:
> > this tiny update to pf.conf(5) has been prompted here [1] on
> > pf mailing list. By default only ICMP queries are allowed
> > to create state in pf(4). The sloppy option relaxes that
> > so also ICMP replies can create a state. I think this should
> > be also mentioned in pf.conf(5)
> >
> > OK to my suggestion below?
>
> I would make it a bit shorter. pf.conf(5) is very long already.
>
> With this option ICMP replies can create states.
>
> Does this describe everything?
yes, it does. I Like it. Updated diff below.
thanks and
regards
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index fe4b117994a..e4af2a37c5e 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -2186,6 +2186,7 @@ It cannot be used with
.Cm modulate state
or
.Cm synproxy state .
+With this option ICMP replies can create states.
.It Ar timeout seconds
Changes the
.Ar timeout
