From nobody Wed May 28 21:55:48 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4b73GY4bM5z5xJgc;
	Wed, 28 May 2025 21:55:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4b73GX614Wz4752;
	Wed, 28 May 2025 21:55:48 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1748469348;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5cmIuohQAj5e+teIN9sZd+/LpR/j5lA9qWRAPLWJBNE=;
	b=gE7uHoLJpdtOIyFgwBQeftcIOawgT473BMoE1i8BMJ4bfg531N+7aomqI25cb4coOz0zpk
	rVKIXdbGCwZV9A8PDUhgV4VyUOQATwui2wdqYAwp+eMerji6kRl9qBVMoAw0NEBkpdQ+Hn
	vqwhXllWpQUx1KZ70hm3thXL/itBNy2CVdcfaznh7zktT4cer/mvyTzSXerFCDCJ6fybl/
	jFzr5bYXMncrcXVYZCGHKxk4PvoxLUrEqk1y5MoO0mNUXhPhe9VDl785fvAgWjzbIP29bp
	j/NONP4dcH9X9CpQqAqaBzWNIAKRo9hpeWbYebVeV0+D1Nk8ze2uDBvddiXuFw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1748469348; a=rsa-sha256; cv=none;
	b=RVRKyr28487GSWU+obldjYbGCnvMspDsv0JW/wgrhAmdZNF6HCToKZs8q8YolL1TPf5JDs
	3kZfQsDuooQtjsY8v245Ij343cuoDDXIMiDaocm8HojMjfbUNtx1u8GnLsjrGosY3gi1kc
	qkAf0HHNuEjnNxS7ZGlpUuX7JOTozNIlawAPQWj+8dIjgcMMA0xj4kYwISwr69JkFlTclg
	6eBeo1wR2cCZdl1g55+wNtn+drwD6eVVqG875QxWkinqjRICq8Bka0Ga0gL+19/o9kckrh
	uMGVU/9dZ3huSkBjA4IUndbHz7bX3g0sqxlQSSfu7NuYIP3zL2vdji4aDCZn9g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1748469348;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5cmIuohQAj5e+teIN9sZd+/LpR/j5lA9qWRAPLWJBNE=;
	b=ufouYUF1u8CS/6iIP4IHu3yi3hp8/ZV56nju+N0pV86MmkegxktmppYY9PxHpEOc2pTvE1
	+dJV0+nKWiXR9hJpFt+ygULsonFRcQYjggjw7KSiKm5RLIq8nSnzMypnetvpMawTAfGpNu
	lsq4mbxRNLYPZYBldqJfVteF4SN0YRsIwVv9jRBhi8pMt1R4rhuE3jiMbnx3pHS3hO1ls5
	tBmxAMT3r6g2gv27BNIJP4my3IlSeByTxJnYohRhokxJCio7yC5RmxBKj8GYCEKaJfVgc0
	q82FRmCedL7oNmUdiXOSLA2/+evekpaasiqK9Gq+GU3xMEhnmKkBMOqGuxXxQQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4b73GX4wYvzvqf;
	Wed, 28 May 2025 21:55:48 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 54SLtm6M054867;
	Wed, 28 May 2025 21:55:48 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 54SLtmST054864;
	Wed, 28 May 2025 21:55:48 GMT
	(envelope-from git)
Date: Wed, 28 May 2025 21:55:48 GMT
Message-Id: <202505282155.54SLtmST054864@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: d321dc9783bf - main - pf.conf.5: better describe "!"
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: d321dc9783bf55f8c128ec9e4cdb362eab77b8eb
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=d321dc9783bf55f8c128ec9e4cdb362eab77b8eb

commit d321dc9783bf55f8c128ec9e4cdb362eab77b8eb
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-05-26 08:02:36 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-05-28 21:40:36 +0000

    pf.conf.5: better describe "!"
    
    from michal mazurek, tweaked a bit by myself
    
    Obtained from:  OpenBSD, jmc <jmc@openbsd.org>, 5e78806cfb
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 share/man/man5/pf.conf.5 | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index b75143f81b4b..6cabdc6741a6 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -27,7 +27,7 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 8, 2025
+.Dd May 26, 2025
 .Dt PF.CONF 5
 .Os
 .Sh NAME
@@ -724,6 +724,9 @@ A packet always comes in on, or goes out through, one interface.
 Most parameters are optional.
 If a parameter is specified, the rule only applies to packets with
 matching attributes.
+The matching for some parameters can be inverted with the
+.Cm !\&
+operator.
 Certain parameters can be expressed as lists, in which case
 .Xr pfctl 8
 generates all needed rule combinations.
@@ -2239,7 +2242,7 @@ For example:
 pass in proto tcp to port 25 set prio 2
 pass in proto tcp to port 22 set prio (2, 5)
 .Ed
-.It Ar received-on Aq Ar interface
+.It Oo Cm \&! Oc Ns Cm received-on Ar interface
 Only match packets which were received on the specified
 .Ar interface
 (or interface group).
@@ -2272,12 +2275,6 @@ Tags take the same macros as labels (see above).
 Used with filter, translation or scrub rules
 to specify that packets must already
 be tagged with the given tag in order to match the rule.
-Inverse tag matching can also be done
-by specifying the
-.Cm !\&
-operator before the
-.Ar tagged
-keyword.
 .It Ar rtable Aq Ar number
 Used to select an alternate routing table for the routing lookup.
 Only effective before the route lookup happened, i.e. when filtering inbound.
@@ -3379,7 +3376,7 @@ filteropt      = user | group | flags | icmp-type | icmp6-type | "tos" tos |
                  "fragment" | "no-df" | "min-ttl" number | "set-tos" tos |
                  "max-mss" number | "random-id" | "reassemble tcp" |
                  fragmentation | "allow-opts" |
-                 "label" string | "tag" string | [ ! ] "tagged" string |
+                 "label" string | "tag" string | [ "!" ] "tagged" string |
                  "set prio" ( number | "(" number [ [ "," ] number ] ")" ) |
                  "queue" ( string | "(" string [ [ "," ] string ] ")" ) |
                  "rtable" number | "probability" number"%" | "prio" number |