Date: Mon, 14 Jan 2008 19:30:02 GMT From: clemens fischer <ino-news@spotteswoode.dnsalias.org> To: freebsd-pf@FreeBSD.org Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work Message-ID: <200801141930.m0EJU2An004256@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/119661; it has been noted by GNATS. From: clemens fischer <ino-news@spotteswoode.dnsalias.org> To: bug-followup@freebsd.org, ino-news@spotteswoode.dnsalias.org Cc: Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work Date: Mon, 14 Jan 2008 20:02:47 +0100 as it turns out, the BNF in pf.conf(5) is wrong and the rule listing by "pfctl -sa" gets it wrong, too. the former doesn't imply a particular order of filter options and the latter displays them in a way that cannot be specified as input in etc/pf.conf. to get: pass out log (all) proto tcp from any to any flags S/SA modulate state \ label "27: outbound tcp keep state" \ queue(interactive, tcp_ack) you must write: pass out log (all) proto tcp from any to any modulate state \ queue (interactive, tcp_ack) \ label "$nr: outbound $proto keep state" if you reverse the order of "queue (...)" and "label ...", the rule doesn't get parsed at all with no error report. regards, clemens
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801141930.m0EJU2An004256>