On Wed, Jul 13, 2011 at 01:28:10PM +0900, Ryan McBride wrote:
> Thanks for pointing this out, it was an oversight in the recent changes
> to pf_test_rule().
>
> I recommend specifying explicitly the correct protocols if you're
> wanting to to match by user/group/os fingerprints.
>
> block return out log proto { tcp, udp } all user = 1002
>
> If you'd like, you can apply the patch below which will force you to do
> it this way, but it's not strictly necessary. (hopefully this will be in
> a snapshot near you soon)
Thank you, it's working now (snapshot Jul 15; I checked your commits.).
jirib
