On Fri, May 22, 2015 at 10:15 AM, Henning Brauer <hb-openbsdt...@ml.bsws.de> wrote:
> * sven falempin <sven.falem...@gmail.com> [2015-05-22 14:18]: > > looking the rule actually show and unexpected result : > > > match log on vic0 inet proto icmp from any to ! 8.8.8.8 > > match log on vic0 inet proto icmp from any to 8.8.4.4 > > so it's even worse, you lose the negation on expansion for subsequent > rules. > > > This result are really puzzling for me, > > when i first test the table negation i was really glad that list negation > > was possible, > > the (block) alternative is often ridiculous to write. > > so use a table - since lists are expanded at load time, negation there > just can't work that way. > > I certainly could do that, and I understand this table behavior while looking for list negation. But it does not explain the output i have. -- --------------------------------------------------------------------------------------------------------------------- () ascii ribbon campaign - against html e-mail /\
