On 09/28/2016 07:05 PM, Janne Johansson wrote:
> Apart from PF failing the syntax, what would one expect to achieve with
> >=0 ?
>
> That would always cover all users, since it's never a negative number.
> /usr/include/sys/types.h:typedef __uid_t uid_t; /* user id */
> /usr/include/sys/_types.h:typedef __uint32_t __uid_t; /* user id */
>

No, PF does not fail the syntax; pfctl -f pf.conf runs without any error and pfctl can load the rule (pfctl -sr can see it).

What I mean is: why does the rule below not let traceroute work?

pass out quick on $ext_if inet proto udp from ($ext_if) to any user 0

Then run traceroute as root:

traceroute google.com
traceroute to google.com (216.58.221.238), 64 hops max, 40 byte packets
traceroute: sendto: No route to host
 1 traceroute: wrote google.com 40 chars, ret=-1

Thanks.

--
Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC