From nobody Mon Jul 7 15:08:05 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bbSKf4Xl2z61wPP; Mon, 07 Jul 2025 15:08:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bbSKf1B8Wz3wgW; Mon, 07 Jul 2025 15:08:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751900886; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XMflI7HlVTzUVDJTvh/K5EXOiPK+t5h3EHMLqNgjBBQ=; b=g5mZduvxXpeh18A2thmqDW5zn0bnmIm5zhnAAzCsMUnXjzg1L6lEXOIFZp/Zulizyywbwj MbGULytRzWpBBWFqJaCmetsgnpC7ANriRM2kh0HbanTXtzCxidN4kmN/DPfUQOSP5RA2br wT5jfK9Pa5I0jUa5JZQ3LVwnIP+3BsMgR69A3iAv3RCr8A/Tj0odsgglZu4dIBxTKCjE4S ikAaMvBHmSJzMR5L2e4ht3tqVyKep3xVRTJ7AgVpwhrgVkuA6l5Od0J1RWhHmQY3KX3yv4 gqd4g+MMhHQMZz+SQN6CVYlIjydTnhluXa5TRIiudwYkIFF2SRrURGv5KaoLrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751900886; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XMflI7HlVTzUVDJTvh/K5EXOiPK+t5h3EHMLqNgjBBQ=; b=EE4m24NrpvKfciGF5mIYsk3LLru1xIa1W4xI87UCDspIoiqsJrGfp1rnO11h2omv2OJFEB tlIg6ek7vDDSp42u2PzxE1Xa0pGQpWVqZX6BlMEMNuCQocY5tklcDmBBFVH57uN1nA69uM uijQW7IhJoWqi1VC4qTfvjUPyEX4nvz0IYBG+CRfFHwmNiHpnghHjn7ajHoaWFacwNXhJh 5LGMYjiQUsXEW3xBx4/8xr/3MYBZ4a70bXMZxiZFO0M8/IR+s21pcs/TI5mHUTWqxSAGA5 RYzna6FMuOSTDlztoCbeGRr9soEDaDTRpROqzr0C4t7BiS04KdcWBbjOv0vfxA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751900886; a=rsa-sha256; cv=none; b=P2pXt5k5O25E8crjYoUWaTgtQHjDr4AxAU3eVGeIKYqA5rxSDFgSBjiT+/dxVobndPtFoG 6GR9X1AL4XbZGAriEe8A5pDbg4VpNZ+4Dly0bOkrjHBeUFJVVAaQwNwYCF/9obq62RmTdm 5RlVVkXs+XcB7T3dFjsS+2M1CFa8mgSqx3zfEbOQc8BcQq0itoH93FDWfOJQLa1789v5QX keaP5F2YC4ErLQHa5DU7pitFHR76h7O/K765UQbFvhW8dizErQE2kUMSokSujhBT0hum7y uc5tEOSRB1G4Z+L4BQepE6WRqz/+pQ8OyUzAZW3ibTB6dSVqQ/Mr1TpyU0TLkg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bbSKf0gYWzwP0; Mon, 07 Jul 2025 15:08:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 567F85Cf016966; Mon, 7 Jul 2025 15:08:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 567F85Ft016963; Mon, 7 Jul 2025 15:08:05 GMT (envelope-from git) Date: Mon, 7 Jul 2025 15:08:05 GMT Message-Id: <202507071508.567F85Ft016963@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 5606ac2fcadf - main - pf.conf.5, pfctl.8: update to PF pfctl(8) and pf.conf(5) manpages List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5606ac2fcadf801fc5485c3326fc678e77eab377 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=5606ac2fcadf801fc5485c3326fc678e77eab377 commit 5606ac2fcadf801fc5485c3326fc678e77eab377 Author: Kristof Provost AuthorDate: 2025-07-02 16:25:56 +0000 Commit: Kristof Provost CommitDate: 2025-07-07 15:06:51 +0000 pf.conf.5, pfctl.8: update to PF pfctl(8) and pf.conf(5) manpages great input by Ingo, Jason and Klemens OK schwarze@, OK kn@, OK jmc@ Obtained from: OpenBSD, sashan , acd7255d6a Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl.8 | 5 ++++- share/man/man5/pf.conf.5 | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index 2391c1d1cd12..28efff896956 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -224,7 +224,10 @@ Flush the tables. .It Fl F Cm osfp Flush the passive operating system fingerprints. .It Fl F Cm Reset -Reset limits, timeouts and options back to default settings. +Reset limits, timeouts and other options back to default settings. +See the OPTIONS section in +.Xr pf.conf 5 +for details. .It Fl F Cm all Flush all of the above. .El diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 3c9706063a65..fe848b030484 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 26, 2025 +.Dd July 2, 2025 .Dt PF.CONF 5 .Os .Sh NAME @@ -542,6 +542,9 @@ an ICMP UNREACHABLE is returned for blocked UDP packets, and all other packets are silently dropped. .El .Pp +The default value is +.Cm drop . +.Pp For example: .Bd -literal -offset indent set block-policy return @@ -666,6 +669,8 @@ but can be overridden via this option. Setting this option may leave a small period of time where the fingerprints referenced by the currently active ruleset are inconsistent until the new ruleset finishes loading. +The default location for fingerprints is +.Pa /etc/pf.os . .Pp For example: .Pp