On 2011/06/15 09:18, Jason McIntyre wrote:
> >
> > You're right about it getting copied to other places, there are 9
> > copies in tree and I'd rather not come up with an example for each,
> > so I would be happier to have it in the text rather than as an
> > example if it can be done clearly, but I haven't managed it...
> >
>
> so i suggest you just go with wording similar to that which i proposed,
> which does cover the case we're talking about. i think florian's tweak
> ("including comments") was definitely an improvement.
>
> i don;t think marco's suggestion will help though - i think without any
> clear context or examples, the sentence is likely to confuse more people
> than help. i know i wouldn;t have understood it exactly without having
> had this conversation.
>
> remember this issue (such that it is) is only going to effect a very
> small number of people.
perhaps a small number of people, but it can be a very serious
issue indeed. particularly for pf.conf it needs to be crystal clear.
compare output from these two:
$ cat << EOF | pfctl -nvf -
pass out quick on lan \
# inet proto {udp,tcp} from {10.71.38.0/24} \
inet proto {udp,tcp} from {10.71.38.0/24, 10.71.100.0/22} \
to port {http, https}
EOF
$ cat << EOF | pfctl -nvf -
pass out quick on lan \
inet proto {udp,tcp} from {10.71.38.0/24, 10.71.100.0/22} \
to port {http, https}
EOF
