https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
--- Comment #2 from veg...@tuxpowered.net ---

I'm sorry but I did not bother to check OpenBSD syntax. Isn't FreeBSD diverted beyond the point of caring about it anyway?

There are other ways to handle this without changing rule syntax, but then it would not be tunable per rule:

1. have all "pass" rules always return if they fail
2. add new pf.conf "set" option
3. follow global "set block-policy" option

Option 3 is the least invasive one but is not a solution for my particular issue - I want the firewall to silently drop packets when there is no matching rule but be verbose when a rule fails.

I will prepare a patch for solution 2. That would mean no change in rule syntax, no change in default behaviour and possibility to enable this fix if anybody finds this to be a bug for them too.

To be honest doing it this way also means I can easily implement it in my environment. The patch I prepared yesterday would require me to change how rules are generated depending on FreeBSD release and kernel patch level. Single change in pf.conf is way easier to do as I create the resulting pf.conf from multiple files coming from different sources.