Peter Fraser wrote:
> man pf.conf never describes what "!" does. The "!" is used in some examples
> and
> a lot of the time is obvious what will happens. The pf faq has somewhat more
> of
> an explanation of "!" with multiple address, but its explanation only refers
> to the
> use of "!" in tables. There is never any statement of what !addr.
I've always thought it was the logical not.
> I expect that description given in the pf faq covers the behavior of "!" in
> any
> places that ip addresses are given.
>
> I tripped over this when I want to block 2 ip address from accessing a
> service
>
> I (and I realize I was wrong ) always considered that
>
> pass quick from { addr 1, addr2 }
>
> Could be written as
>
> pass quick from addr1
> pass quick from addr2
>
> put if "!" are used this obvious should not be true
>
> pass quick from { !addr1, !addr2 }
>
> cannot be the same as ( at least I hope since I haven't built the system to
> test it)
>
> pass quick from !addr1
> pass quick from !addr2
>
> furthermore the descriptions that do exist do not cover the boundary cases
>
> such as 192.168.0.1-192.168.0.30 !192.168.0.20-192.168.0.40
