Date: Thu, 25 Sep 2025 12:41:43 GMT
Message-Id: <202509251241.58PCfhsf004712@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost Subject: git: cc97633b4b7a - main - pfctl.8/pf.conf.5: Improve "once" bits List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: cc97633b4b7a3b670d6223b1cd79a0d807dcebbd Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=cc97633b4b7a3b670d6223b1cd79a0d807dcebbd commit cc97633b4b7a3b670d6223b1cd79a0d807dcebbd Author: Kristof Provost AuthorDate: 2025-08-28 09:37:11 +0000 Commit: Kristof Provost CommitDate: 2025-09-25 12:41:10 +0000 pfctl.8/pf.conf.5: Improve "once" bits - use imperative tense in the pf.conf(5) "once" part - leave printing implementation details to pfctl(8)'s "-s rules" part - use more markup - debug mode also prints expired rules OK jmc sashan Obtained from: OpenBSD, kn , 1f1797aba7 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl.8 | 9 ++++++++- share/man/man5/pf.conf.5 | 9 ++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index f1a2bbef6236..58de54cdf923 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd August 25, 2025 +.Dd August 28, 2025 .Dt PFCTL 8 .Os .Sh NAME 
@@ -463,6 +463,13 @@ When used together with .Fl v , the per-rule statistics (number of evaluations, packets, and bytes) are also shown. +When used together with +.Fl g +or +.Fl vv , +expired rules +.Pq marked as Dq # expired +are also shown. Note that the .Dq skip step optimization done automatically by the kernel diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index cb7fea467c2e..da02f10aac01 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -2259,12 +2259,11 @@ When the rate is exceeded, all ICMP is blocked until the rate falls below Limit each packet to be no more than the specified number of bytes. This includes the IP header, but not any layer 2 header. .It Ar once -Creates a one shot rule. -The first matching packet marks the rule as expired; -any expired rules are no longer evaluated. -Expired rules are only shown in verbose mode (-vv): +Create a one shot rule. +The first matching packet marks the rule as expired. +Expired rules are skipped and hidden, unless .Xr pfctl 8 -will append '# expired' to note any once rules which have already been hit. +is used in debug or verbose mode. .Pp .It Xo Ar queue Aq Ar queue .No \*(Ba ( Aq Ar queue ,
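Review bot: in the pfctl.8 hunk at "@@ -463,6 +463,13 @@", the added sentence mentions "expired rules" without pointing to where that state is defined, so a reader of the "-s rules" text has no route to the "once" option. Since the pf.conf.5 side of this patch now defers the printing details to pfctl(8), a cross-reference back would close the loop, for example appending "see the once option in" followed by ".Xr pf.conf 5 ." to the new sentence. It would also help anyone auditing a loaded ruleset to read here that expired rules are omitted from the listing unless -g or -vv is given, which the added text only implies.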
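Review bot: in the pf.conf.5 hunk at "@@ -2259,12 +2259,11 @@", "is used in debug or verbose mode" is less precise than the removed "(-vv)". The pfctl.8 hunk in this same patch requires ".Fl g" or ".Fl vv" for expired rules to be shown, and its unchanged context gives a single ".Fl v" a different meaning (per-rule statistics), so "verbose mode" can be read as plain -v, which per that text would not list them. Consider naming the level ("doubly verbose") or pointing to the "-s rules" description in pfctl(8) so the two pages cannot be read as disagreeing.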