
Re: pf rule sintax (newbie)

On Mon, 10 Mar 2003, Philipp Buehler - sysfive.com GmbH wrote:
>Well, it doesn't work out logically. { N, .. , M } expands
>to NxM rules, if you negate it, this will always be true in
>one way or the other.
you're forgetting that the addys can have different address families.
i.e. host = "{ v4_ip, v6_ip }", and without inet/inet6 in a rule, this
expands to an inet and an inet6 rule.
wouldn't !{..} make sense in this context? perhaps a limited version that
only allows a single v4 and a single v6 ip or block.
>pfctl doesn't start to think for you. :)
apparently it does, since it wouldn't let me do this when i tried it, but
i didn't want to bitch about something i could fix with one extra macro.
>this has been discussed to death already, check the archives,
>please. !{..} will never be supported.
> Philipp Buehler  -  <[email protected]>  -  http://sysfive.com/
> sysfive.com GmbH - UNIX. Networking. Security. Applications.
> Steilshooperstr. 184, 22305 Hamburg, Germany - GSM +49-179-1136646
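
The two positions in this exchange can be checked with a small model. This is an added example, not part of the original post and not pfctl code; it assumes a negated list would expand to one rule per item, each rule limited to the address family of its own address, and the addresses are constructed documentation-range samples.

```python
import ipaddress

def expand_negated(addrs):
    """Model of list expansion: one '! addr' rule per list item.
    Each rule carries the address family of its own address
    (assumption taken from the reply: no inet/inet6 keyword given)."""
    rules = []
    for a in addrs:
        net = ipaddress.ip_network(a)
        rules.append((net.version, net))
    return rules

def rule_matches(rule, src):
    """A '! net' rule matches a source of the same family outside net."""
    version, net = rule
    ip = ipaddress.ip_address(src)
    return ip.version == version and ip not in net

def hit_by_expansion(rules, src):
    """True if any expanded rule matches, i.e. the action applies to src."""
    return any(rule_matches(r, src) for r in rules)

def exempt(rules, candidates):
    """Sources that no expanded rule matches (what '!{..}' was meant to spare)."""
    return [c for c in candidates if not hit_by_expansion(rules, c)]

# Constructed sample sources.
SOURCES = ["192.0.2.1", "192.0.2.2", "198.51.100.7", "2001:db8::1", "2001:db8::2"]

# Two addresses of the same family: "! a" matches b and "! b" matches a,
# so every IPv4 source is hit, including both listed hosts.
same_family = expand_negated(["192.0.2.1", "192.0.2.2"])

# One v4 and one v6 address: each family has exactly one negated rule,
# so the listed hosts are spared and everything else is hit.
mixed_family = expand_negated(["192.0.2.1", "2001:db8::1"])

if __name__ == "__main__":
    print("same family, exempt: ", exempt(same_family, SOURCES))
    print("mixed family, exempt:", exempt(mixed_family, SOURCES))
```

In the same-family case the only sources left unmatched are the IPv6 ones, because the model has no inet6 rule at all, not because the negation spared them.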