From nobody Thu Sep 25 12:41:36 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cXYHj1drCz68SG3; Thu, 25 Sep 2025 12:41:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cXYHh4yVnz42S6; Thu, 25 Sep 2025 12:41:36 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758804096; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KlD81na3J/4XOBr/uchZjdGkHjP74h4pnf7T0Up9VAw=; b=UfEOcn5oKvZeK4QlsRXk5ngRvapkHW1PvR5NkIJHLkNRQdRPGzE0XU5ReYJJqYMSNH49ca QuLq1j/v49ROu443Bj/hImlf7aCr/6qLpub4SbqZMxb2xhXRY8gQmv1OFWTdZpcTgwtJlb 08l0wWWFsAuYsqFB6lHyMViERnHYlorEudkDYFF+YhOMkdE6NX6pQjwW35MCAG0ZLCXj5O 2RI9WOsgUnVsU2Co08c0tnJZqtLJvg/wzaBP1gxAK6V0YXpxoDHT1ByoVBNfPyCAWRGvpm cBznC3R+zGkCGDV7E/OpmjNOdWYl3FAtYchAnLOP36mRCKPd18zDVBhMIF+toA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758804096; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KlD81na3J/4XOBr/uchZjdGkHjP74h4pnf7T0Up9VAw=; b=X0j5Znq2JVqGWpAcp5wMeZjW5BZoCN1i260kSokQoM/5TKna7bDEmZ9zTQZhposbZ13FIJ OqaiTP0THzBj2SYapgo32urwyDOJZrVmm/KecWhJU8Vi14eeUSzoWaFEMMlJI1zdHv6wdz dXEB3SlW1+/QYZwGSBTyY6+EZXMsQqItxVhn2wuhjjp4GmTUP+1cs7DI+gwKNt6KFCyzzr 5Xcdn8Lzha2kc21mi9bxtGhdcuN2ihDCppw2mNmit+MGlXUYHXUg68kaxyX50NHhHZljmD Oufxh/w333+IfyvFiN6qo+dnNP/fE0WuAeYKTQi7Y/6xUTRJQwFNRXJ+cnjQ+g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758804096; a=rsa-sha256; cv=none; b=e+4jOBV0N208Rr/X5WzOSGRNIMy/coNMTFQhl5MfIJEXPknqZ9O1Td56+xmWXx5onPPjMj YnivjVPDTzxgY6oeVCp8fGQDVgEFeMD9yRZTvbic9VTjHPoBLemMYcAAJ/TwqGAwI6VBAW QtNPjR512X14hXMbuqdzw+xuCAfVRDuWPw5Bpip/ZqA7ChIo5uL0Dt5M0Yl1MN7i0CFDGU WxnXnLeLW4yrNoGEGjSt36VrrBSMhLB8nOfsIcM3UA5g+U+2a90cI5Y7Kdw5oriHuAHB9q gfIMZOuWeix0aCkFCtn3ZdN2evoIEYF24efgtleyiTnf5nVNVt2khIQA2aHBTg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cXYHh4Qdgz1GxB; Thu, 25 Sep 2025 12:41:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58PCfa0Q001835; Thu, 25 Sep 2025 12:41:36 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58PCfaaq001832; Thu, 25 Sep 2025 12:41:36 GMT (envelope-from git) Date: Thu, 25 Sep 2025 12:41:36 GMT Message-Id: <202509251241.58PCfaaq001832@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: b7ff11b380bf - main - pf.conf.5: Document a "once" filter option used to create one shot rules. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b7ff11b380bf6ffaa5181596766e2f21a1eec962 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=b7ff11b380bf6ffaa5181596766e2f21a1eec962 commit b7ff11b380bf6ffaa5181596766e2f21a1eec962 Author: Kristof Provost AuthorDate: 2025-08-27 13:58:40 +0000 Commit: Kristof Provost CommitDate: 2025-09-25 12:41:08 +0000 pf.conf.5: Document a "once" filter option used to create one shot rules. ok henning, mcbride, jmc Obtained from: OpenBSD, mikeb , 355f9a50c1 Sponsored by: Rubicon Communications, LLC ("Netgate") --- share/man/man5/pf.conf.5 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 02114b3eaf3c..b87401f8bb34 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd August 25, 2025 +.Dd August 27, 2025 .Dt PF.CONF 5 .Os .Sh NAME @@ -2258,6 +2258,10 @@ When the rate is exceeded, all ICMP is blocked until the rate falls below .It Ar max-pkt-size Aq Ar number Limit each packet to be no more than the specified number of bytes. This includes the IP header, but not any layer 2 header. +.It Ar once +Creates a one shot rule that will remove itself from an active ruleset after +the first match. +.Pp .It Xo Ar queue Aq Ar queue .No \*(Ba ( Aq Ar queue , .Aq Ar queue ) @@ -3443,7 +3447,7 @@ filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos | [ "(" state-opts ")" ] | "fragment" | "no-df" | "min-ttl" number | "set-tos" tos | "max-mss" number | "random-id" | "reassemble tcp" | - fragmentation | "allow-opts" | + fragmentation | "allow-opts" | "once" | "label" string | "tag" string | [ "!" ] "tagged" string | "max-pkt-rate" number "/" seconds | "set prio" ( number | "(" number [ [ "," ] number ] ")" ) |