On Sun, May 08, 2022 at 09:58:47PM +0200, Alexandr Nedvedicky wrote: > Hello, > > On Sun, May 08, 2022 at 08:06:57PM +0200, Alexander Bluhm wrote: > > On Sun, May 08, 2022 at 06:37:57PM +0200, Alexandr Nedvedicky wrote: > > > this tiny update to pf.conf(5) has been prompted here [1] on > > > pf mailing list. By default only ICMP queries are allowed > > > to create state in pf(4). The sloppy option relaxes that > > > so also ICMP replies can create a state. I think this should > > > be also mentioned in pf.conf(5) > > > > > > OK to my suggestion below? > > > > I would make it a bit shorter. pf.conf(5) is very long already. > > > > With this option ICMP replies can create states. > > > > Does this describe everything? > > yes, it does. I Like it. Updated diff below.
OK bluhm@ > --------8<---------------8<---------------8<------------------8<-------- > diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 > index fe4b117994a..e4af2a37c5e 100644 > --- a/share/man/man5/pf.conf.5 > +++ b/share/man/man5/pf.conf.5 > @@ -2186,6 +2186,7 @@ It cannot be used with > .Cm modulate state > or > .Cm synproxy state . > +With this option ICMP replies can create states. > .It Ar timeout seconds > Changes the > .Ar timeout
