On 2009-02-24, Chris Smith <obsd_m...@chrissmith.org> wrote: > On Tue, Feb 24, 2009 at 8:17 AM, Imre Oolberg <i...@auul.pri.ee> wrote: >> 2. issuing 'systat rules' i look for exact entries, like >> /ftp-proxy/26694.100
pfctl -sA -v is simpler. > Maybe that is necessary but the man page (unless I'm misunderstanding > it - wouldn't be the first time) seems to indicate otherwise: >================================================== > By default, recursive inline printing of anchors applies only to > unnamed anchors specified inline in the ruleset. If the anchor > name is terminated with a `*' character, the -s flag will recur- > sively print all anchors in a brace delimited block. For example > the following will print the ``authpf'' ruleset recursively: > > # pfctl -a 'authpf/*' -sr > > To print the main ruleset recursively, specify only `*' as the > anchor name: > > # pfctl -a '*' -sr >================================================== it does specifically mention "brace delimited block" there. but it would certainly be convenient if it did recurse over these.
