Changeset View
Changeset View
Standalone View
Standalone View
share/man/man5/pf.conf.5
| Show First 20 Lines • Show All 1,890 Lines • ▼ Show 20 Lines | pass in inet proto tcp from any to 1.2.3.4 \e | ||||
| port \*(Gt 1023 label \&"1.2.3.4:\*(Gt1023\&" | port \*(Gt 1023 label \&"1.2.3.4:\*(Gt1023\&" | ||||
| pass in inet proto tcp from any to 1.2.3.5 \e | pass in inet proto tcp from any to 1.2.3.5 \e | ||||
| port \*(Gt 1023 label \&"1.2.3.5:\*(Gt1023\&" | port \*(Gt 1023 label \&"1.2.3.5:\*(Gt1023\&" | ||||
| .Ed | .Ed | ||||
| .Pp | .Pp | ||||
| The macro expansion for the | The macro expansion for the | ||||
| .Ar label | .Ar label | ||||
| directive occurs only at configuration file parse time, not during runtime. | directive occurs only at configuration file parse time, not during runtime. | ||||
| .It Ar ridentifier Aq Ar number | |||||
| Add an identifier (number) to the rule, which can be used to correlate the rule | |||||
| to pflog entries, even after ruleset updates. | |||||
| .It Xo Ar queue Aq Ar queue | .It Xo Ar queue Aq Ar queue | ||||
| .No \*(Ba ( Aq Ar queue , | .No \*(Ba ( Aq Ar queue , | ||||
| .Aq Ar queue ) | .Aq Ar queue ) | ||||
| .Xc | .Xc | ||||
| Packets matching this rule will be assigned to the specified queue. | Packets matching this rule will be assigned to the specified queue. | ||||
| If two queues are given, packets which have a | If two queues are given, packets which have a | ||||
| .Em TOS | .Em TOS | ||||
| of | of | ||||
| ▲ Show 20 Lines • Show All 1,088 Lines • ▼ Show 20 Lines | filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos | | ||||
| "fragment" | "no-df" | "min-ttl" number | "set-tos" tos | | "fragment" | "no-df" | "min-ttl" number | "set-tos" tos | | ||||
| "max-mss" number | "random-id" | "reassemble tcp" | | "max-mss" number | "random-id" | "reassemble tcp" | | ||||
| fragmentation | "allow-opts" | | fragmentation | "allow-opts" | | ||||
| "label" string | "tag" string | [ ! ] "tagged" string | | "label" string | "tag" string | [ ! ] "tagged" string | | ||||
| "set prio" ( number | "(" number [ [ "," ] number ] ")" ) | | "set prio" ( number | "(" number [ [ "," ] number ] ")" ) | | ||||
| "queue" ( string | "(" string [ [ "," ] string ] ")" ) | | "queue" ( string | "(" string [ [ "," ] string ] ")" ) | | ||||
| "rtable" number | "probability" number"%" | "prio" number | | "rtable" number | "probability" number"%" | "prio" number | | ||||
| "dnpipe" ( number | "(" number "," number ")" ) | | "dnpipe" ( number | "(" number "," number ")" ) | | ||||
| "dnqueue" ( number | "(" number "," number ")" ) | "dnqueue" ( number | "(" number "," number ")" ) | | ||||
| "ridentifier" number | |||||
| nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | ||||
| [ "on" ifspec ] [ af ] | [ "on" ifspec ] [ af ] | ||||
| [ protospec ] hosts [ "tag" string ] [ "tagged" string ] | [ protospec ] hosts [ "tag" string ] [ "tagged" string ] | ||||
| [ "-\*(Gt" ( redirhost | "{" redirhost-list "}" ) | [ "-\*(Gt" ( redirhost | "{" redirhost-list "}" ) | ||||
| [ portspec ] [ pooltype ] [ "static-port" ] | [ portspec ] [ pooltype ] [ "static-port" ] | ||||
| [ "map-e-portset" number "/" number "/" number ] ] | [ "map-e-portset" number "/" number "/" number ] ] | ||||
| binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | ||||
| [ "on" interface-name ] [ af ] | [ "on" interface-name ] [ af ] | ||||
| [ "proto" ( proto-name | proto-number ) ] | [ "proto" ( proto-name | proto-number ) ] | ||||
| "from" address [ "/" mask-bits ] "to" ipspec | "from" address [ "/" mask-bits ] "to" ipspec | ||||
| [ "tag" string ] [ "tagged" string ] | [ "tag" string ] [ "tagged" string ] | ||||
| [ "-\*(Gt" address [ "/" mask-bits ] ] | [ "-\*(Gt" address [ "/" mask-bits ] ] | ||||
| rdr-rule = [ "no" ] "rdr" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | rdr-rule = [ "no" ] "rdr" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | ||||
| [ "on" ifspec ] [ af ] | [ "on" ifspec ] [ af ] | ||||
| [ protospec ] hosts [ "tag" string ] [ "tagged" string ] | [ protospec ] hosts [ "tag" string ] [ "tagged" string ] | ||||
| [ "-\*(Gt" ( redirhost | "{" redirhost-list "}" ) | [ "-\*(Gt" ( redirhost | "{" redirhost-list "}" ) | ||||
| [ portspec ] [ pooltype ] ] | [ portspec ] [ pooltype ] ] | ||||
| antispoof-rule = "antispoof" [ "log" ] [ "quick" ] | antispoof-rule = "antispoof" [ "log" ] [ "quick" ] | ||||
| "for" ifspec [ af ] [ "label" string ] | "for" ifspec [ af ] [ "label" string ] | ||||
| [ "ridentifier" number ] | |||||
| table-rule = "table" "\*(Lt" string "\*(Gt" [ tableopts-list ] | table-rule = "table" "\*(Lt" string "\*(Gt" [ tableopts-list ] | ||||
| tableopts-list = tableopts-list tableopts | tableopts | tableopts-list = tableopts-list tableopts | tableopts | ||||
| tableopts = "persist" | "const" | "counters" | "file" string | | tableopts = "persist" | "const" | "counters" | "file" string | | ||||
| "{" [ tableaddr-list ] "}" | "{" [ tableaddr-list ] "}" | ||||
| tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec | tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec | ||||
| tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ] | tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ] | ||||
| tableaddr = hostname | ifspec | "self" | | tableaddr = hostname | ifspec | "self" | | ||||
| ▲ Show 20 Lines • Show All 169 Lines • Show Last 20 Lines | |||||