git: 7e1affa242ca - main - pf.conf.5: revise divert-to and divert-reply
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 20 Nov 2023 13:05:13 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=7e1affa242ca83710eb64e2c6184263fbea3deb7 commit 7e1affa242ca83710eb64e2c6184263fbea3deb7 Author: Igor Ostapenko <pm@igoro.pro> AuthorDate: 2023-11-17 20:01:17 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2023-11-20 11:30:18 +0000 pf.conf.5: revise divert-to and divert-reply --- share/man/man5/pf.conf.5 | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index b241e5173ef0..3193c18760c8 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 27, 2023 +.Dd November 17, 2023 .Dt PF.CONF 5 .Os .Sh NAME @@ -2151,19 +2151,22 @@ Only effective before the route lookup happened, i.e. when filtering inbound. .It Xo Ar divert-to Aq Ar host .Ar port Aq Ar port .Xc -Used to redirect packets to a local socket bound to -.Ar host -and +Used to +.Xr divert 4 +packets to the given divert .Ar port . -The packets will not be modified, so -.Xr getsockname 2 -on the socket will return the original destination address of the packet. +Historically +.Ox pf has another meaning for this, and +.Fx pf uses +this syntax to support +.Xr divert 4 instead. Hence, +.Ar host +has no meaning and can be set to anything like 127.0.0.1. +If a packet is re-injected and does not change direction then it will not be +re-diverted. .It Ar divert-reply -Used to receive replies for sockets that are bound to addresses -which are not local to the machine. -See -.Xr setsockopt 2 -for information on how to bind these sockets. +It has no meaning in +.Fx pf . .It Ar probability Aq Ar number A probability attribute can be attached to a rule, with a value set between 0 and 1, bounds not included.