pf.conf.5: should clearly state range match operator ':' does not work for uid/gid.
OK @kn, OK @sthen

Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 4521e23a38
Sponsored by: Rubicon Communications, LLC ("Netgate")
@@ -27,7 +27,7 @@
|
||||
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd July 2, 2025
|
||||
.Dd July 7, 2025
|
||||
.Dt PF.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@@ -2047,6 +2047,21 @@ connections:
|
||||
block out proto { tcp, udp } all
|
||||
pass out proto { tcp, udp } all user { < 1000, dhartmei }
|
||||
.Ed
|
||||
.Pp
|
||||
The example below permits users with uid between 1000 and 1500
|
||||
to open connections:
|
||||
.Bd -literal -offset indent
|
||||
block out proto tcp all
|
||||
pass out proto tcp from self user { 999 >< 1501 }
|
||||
.Ed
|
||||
.Pp
|
||||
The
|
||||
.Sq \&:
|
||||
operator, which works for port number matching, does not work for
|
||||
.Cm user
|
||||
and
|
||||
.Cm group
|
||||
match.
|
||||
.It Xo Ar flags Aq Ar a
|
||||
.Pf / Ns Aq Ar b
|
||||
.No \*(Ba / Ns Aq Ar b
|
||||
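Review bot: The new paragraph following the `999 >< 1501` example says the `:` operator "does not work" for `user` and `group` matching, but it does not tell the reader what to write instead or what to expect if they use `:` anyway. The example depends on `><` excluding its endpoints (999 and 1501 are written to cover 1000 through 1500), and the prose never states that, so "between 1000 and 1500" is ambiguous about whether the bounds are included. Suggest saying explicitly that the range is exclusive and that `><` is the form to use in place of `:` for uid/gid. Since the restriction is claimed for both keywords but only `user` is shown, a one-line `group` example would help. As a minor style point, this example uses `proto tcp ... from self` while the one just above it uses `proto { tcp, udp } all`; keeping the two parallel would make the uid range the only difference a reader has to notice.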