On Thu, Jan 27, 2005 at 01:00:32PM -0500, Peter Fraser wrote:
> action direction [log] [quick] on interface [af] [proto protocol] \
> from src_addr [port src_port] to dst_addr [port dst_port] \
> [flags tcp_flags] [state]
>
> which shows the "on interface" as being required.
Yes, that part of the web page is wrong (or, rather, outdated) now. The
more authorative source is the man page, pf.conf(5), which contains
this:
pf-rule = action [ ( "in" | "out" ) ]
[ "log" | "log-all" ] [ "quick" ]
[ "on" ifspec ] [ route ] [ af ] [ protospec ]
hosts [ filteropt-list ]
Therefore, yes, the 'on interface' part is optional.
Reporting errors in manuals (including web pages) is of course welcome.
The confusion in this case was that you didn't previously mention the
source, or just called it 'manual'. When I checked the man page, there
was no error, hence the report seemed wrong.
> also for example quoting from the manual
>
> Macros can be defined recursively. Since macros are not
> expanded within quotes the following syntax must be used:
>
> In that case you would think this would work
> a = "10/8"
> b = "$a"
> pass from any to $b
> It doesn't, and it is best that it doesn't.
>
> What the statement probably should have been was:
>
> During macro definition the defining text may contain macros which are
> expanded at time of definition. Reserved words, symbols and addresses
> must be
> enclosed in quotes.
I don't see an obvious improvement in your wording, for me 'are not
expanded within quotes' expresses precisely that, while in your
sentence, I don't know what 'symbols' would refer to. Macro names?
Daniel
