Considered BETA now [Re: New PF (OpenBSD 3.7 ***ALPHA-preview***)]

Daniel Hartmeier daniel at
Wed Apr 27 11:59:05 PDT 2005

On Wed, Apr 27, 2005 at 07:50:16PM +0100, Greg Hennessy wrote:

> ~ # pfctl -v -s Anchors -a nbt:nbt

Anchors have changed significantly in 3.7. Before, there were only two
levels, like "first:second". Now they can be nested arbitrarily, and the
syntax is like that of files within (sub)directories, like


Note that ':' is replaced by '/' now.

The semantics have also changed. Before, only the second level would
actually contain rules. Now every level can contain rules. There's two
forms of 'calls' now, which evaluate rules in anchors, like

  anchor "first/second"
  anchor "first/*"

The first form (without the '*') will only evaluate the rules within the
second anchor, while the second form will evaluate all rules within any
sub-anchors of first (but not rules in first itself).

See the updated pf.conf(5) man page, section ANCHORS for more details.
If you've been using anchors before, you'll likely have to make some
changes, at least to the syntax.


More information about the freebsd-pf mailing list