Considered BETA now [Re: New PF (OpenBSD 3.7
***ALPHA-preview***)]
Daniel Hartmeier
daniel at benzedrine.cx
Wed Apr 27 11:59:05 PDT 2005
On Wed, Apr 27, 2005 at 07:50:16PM +0100, Greg Hennessy wrote:
> ~ # pfctl -v -s Anchors -a nbt:nbt
Anchors have changed significantly in 3.7. Before, there were only two
levels, like "first:second". Now they can be nested arbitrarily, and the
syntax is like that of files within (sub)directories, like
"first/second"
"first/second/third"
Note that ':' is replaced by '/' now.
The semantics have also changed. Before, only the second level would
actually contain rules. Now every level can contain rules. There's two
forms of 'calls' now, which evaluate rules in anchors, like
anchor "first/second"
anchor "first/*"
The first form (without the '*') will only evaluate the rules within the
second anchor, while the second form will evaluate all rules within any
sub-anchors of first (but not rules in first itself).
See the updated pf.conf(5) man page, section ANCHORS for more details.
If you've been using anchors before, you'll likely have to make some
changes, at least to the syntax.
Daniel
More information about the freebsd-pf
mailing list