pf.conf.5: should clearly state range match operator ':' does not work for uid/gid.

OK @kn, OK @sthen

Obtained from:	OpenBSD, sashan <sashan@openbsd.org>, 4521e23a38
Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost
2025-07-07 09:12:36 +02:00
parent c87390026a
commit 1ae17b65b6
+16 -1
View File
@@ -27,7 +27,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd July 2, 2025
.Dd July 7, 2025
.Dt PF.CONF 5
.Os
.Sh NAME
@@ -2047,6 +2047,21 @@ connections:
block out proto { tcp, udp } all
pass out proto { tcp, udp } all user { < 1000, dhartmei }
.Ed
.Pp
The example below permits users with uid between 1000 and 1500
to open connections:
.Bd -literal -offset indent
block out proto tcp all
pass out proto tcp from self user { 999 >< 1501 }
.Ed
.Pp
The
.Sq \&:
operator, which works for port number matching, does not work for
.Cm user
and
.Cm group
match.
.It Xo Ar flags Aq Ar a
.Pf / Ns Aq Ar b
.No \*(Ba / Ns Aq Ar b