From: Daniel Hartmeier
To: Greg Hennessy
cc: freebsd-pf@freebsd.org
Date: Wed, 27 Apr 2005 20:59:02 +0200
Subject: Re: Considered BETA now [Re: New PF (OpenBSD 3.7 ***ALPHA-preview***)]
Message-ID: <20050427185902.GC1264@insomnia.benzedrine.cx>
In-Reply-To: <20050427185016.AB09C16@gw2.local.net>
List-Id: Technical discussion and general questions about packet filter (pf)

On Wed, Apr 27, 2005 at 07:50:16PM +0100, Greg Hennessy wrote:

> ~ # pfctl -v -s Anchors -a nbt:nbt

Anchors have changed significantly in 3.7. Before, there were only two
levels, like

  "first:second"

Now they can be nested arbitrarily, and the syntax is like that of files
within (sub)directories, like

  "first/second"
  "first/second/third"

Note that ':' is replaced by '/' now.
The semantics have also changed. Before, only the second level would
actually contain rules. Now every level can contain rules.

There are two forms of 'calls' now, which evaluate rules in anchors, like

  anchor "first/second"
  anchor "first/*"

The first form (without the '*') will only evaluate the rules within the
second anchor, while the second form will evaluate all rules within any
sub-anchors of first (but not rules in first itself).

See the updated pf.conf(5) man page, section ANCHORS for more details.

If you've been using anchors before, you'll likely have to make some
changes, at least to the syntax.

Daniel
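A worked pf.conf fragment showing the 3.7 anchor syntax and both call forms described in the mail above. This is an added example, not part of Daniel's message or of the pf sources: the interface name em0, the anchor names (first, second, third, other) and the rules loaded into them are constructed for illustration, and the pfctl invocations are given as comments so the fragment stays a loadable ruleset.

```pf
# Added example (not from the original mail): nested anchors, pf 3.7 syntax.
# Assumptions: external interface "em0"; anchor names and rules are made up.

ext_if = "em0"

# In 3.7 the anchor at every level may hold rules and nesting depth is
# arbitrary; path components are separated by '/' (previously ':').

# Call form 1: evaluate only the rules loaded into "first" itself.
anchor "first"

# Call form 1, one level down: only the rules in "first/second".
# Rules in "first" and in "first/second/third" are not evaluated by this call.
anchor "first/second"

# Call form 2: evaluate the rules in every sub-anchor of "first"
# ("first/second", "first/other", ...) but not the rules in "first" itself.
# A filter condition on the anchor rule, as on any pf rule, restricts when
# the sub-anchors are consulted at all.
anchor "first/*" in on $ext_if

# The levels are populated with pfctl, not in this file, using the same
# path syntax (constructed commands):
#
#   echo 'block in all'                  | pfctl -a first              -f -
#   echo 'pass in proto tcp to port 22'  | pfctl -a first/second       -f -
#   echo 'pass in proto tcp to port 80'  | pfctl -a first/second/third -f -
#
# Inspecting the tree:
#
#   pfctl -s Anchors                  # anchors attached to the main ruleset
#   pfctl -a first -s Anchors         # anchors attached directly below "first"
#   pfctl -v -a first -s Anchors      # the subtree below "first", recursively
#   pfctl -a first/second -s rules    # rules loaded into that one level
#
# Pre-3.7 invocations such as "pfctl -a nbt:nbt ..." become "pfctl -a nbt/nbt ...".
```

Because the wildcard call is qualified with `in on $ext_if`, the rules in the sub-anchors are only reached for inbound packets on that interface; a `block in all` loaded into first/second therefore affects only traffic that gets as far as that anchor call, which is the usual reason to put the filter condition on the anchor rule rather than repeating it inside every sub-anchor.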