D40870.diff

diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -28,7 +28,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd April 26, 2023
+.Dd June 21, 2023
.Dt PF.CONF 5
.Os
.Sh NAME
@@ -493,6 +493,7 @@
Packet is silently dropped.
.It Ar return
A TCP RST is returned for blocked TCP packets,
+an SCTP ABORT chunk is returned for blocked SCTP packets,
an ICMP UNREACHABLE is returned for blocked UDP packets,
and all other packets are silently dropped.
.El
@@ -517,6 +518,7 @@
Incoming packet is silently dropped.
.It Ar return
Incoming packet is dropped and TCP RST is returned for TCP packets,
+an SCTP ABORT chunk is returned for blocked SCTP packets,
an ICMP UNREACHABLE is returned for UDP packets,
and no response is sent for other packets.
.El
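Review bot: The added line in this second return description says "for blocked SCTP packets", while the lines around it say "for TCP packets" and "for UDP packets" with no "blocked"; the word looks carried over from the earlier list. Suggest "an SCTP ABORT chunk is returned for SCTP packets," so the three clauses read the same way.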
@@ -1267,8 +1269,8 @@
such a rule as long as they are not blocked by the filtering section of
.Nm pf.conf .
The translation engine modifies the specified address and/or port in the
-packet, recalculates IP, TCP and UDP checksums as necessary, and passes it to
-the packet filter for evaluation.
+packet, recalculates IP, TCP and UDP checksums as necessary, and passes
+it to the packet filter for evaluation.
.Pp
Since translation occurs before filtering the filter
engine will see packets as they look after any
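Review bot: The only change in this hunk is moving "it to" from the end of one line to the start of the next; the wording is identical, so it is whitespace noise in a patch about SCTP and could be dropped. If the sentence was meant to be updated, note that it still lists only "IP, TCP and UDP checksums" while the new SCTP CONSIDERATIONS section says pf can NAT SCTP traffic; say here whether the SCTP checksum is recalculated as well.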
@@ -1404,6 +1406,7 @@
.Xr icmp 4 ,
.Xr icmp6 4 ,
.Xr tcp 4 ,
+.Xr sctp 4 ,
.Xr udp 4 )
headers.
In addition, packets may also be
@@ -1453,7 +1456,8 @@
.It Ar return
This causes a TCP RST to be returned for
.Xr tcp 4
-packets and an ICMP UNREACHABLE for UDP and other packets.
+packets, an SCTP ABORT for SCTP
+and an ICMP UNREACHABLE for UDP and other packets.
.El
.Pp
Options returning ICMP packets currently have no effect if
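Review bot: "an SCTP ABORT for SCTP" does not match the rest of the patch or the clause before it: TCP is referenced with .Xr tcp 4 followed by "packets", and the two earlier hunks say "SCTP ABORT chunk". Suggest wording it as "an SCTP ABORT chunk for" followed by .Xr sctp 4 on its own line and then "packets", so the three protocols are described in the same form.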
@@ -1654,6 +1658,7 @@
.Xr icmp 4 ,
.Xr icmp6 4 ,
.Xr tcp 4 ,
+.Xr sctp 4 ,
and
.Xr udp 4 .
For a list of all the protocol name to number mappings used by
@@ -2853,6 +2858,14 @@
characters will require double quote
.Pq Sq \&"
characters around the anchor name.
+.Sh SCTP CONSIDERATIONS
+.Xr pf 4
+supports
+.Xr sctp 4
+connections.
+It can match ports, track state and NAT SCTP traffic.
+However, it will not alter port numbers during nat or rdr translations.
+Doing so would break SCTP multihoming.
.Sh TRANSLATION EXAMPLES
This example maps incoming requests on port 80 to port 8080, on
which a daemon is running (because, for example, it is not run as root,
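Review bot: The new section states that pf "will not alter port numbers during nat or rdr translations" but does not say what happens to a rule that asks for a port change on SCTP traffic: is the ruleset rejected when loaded, or is the port part ignored while the address is still translated? Please document which, since an administrator who writes such a rule needs to know whether it took effect. Smaller points: "NAT" is upper case in one sentence and "nat" in the next, so if the second refers to the rule keywords it should be marked up as such, and one clause on why rewriting ports breaks multihoming would make "Doing so would break SCTP multihoming." self-explanatory.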
@@ -3319,6 +3332,7 @@
.Xr pf 4 ,
.Xr pfsync 4 ,
.Xr tcp 4 ,
+.Xr sctp 4 ,
.Xr udp 4 ,
.Xr hosts 5 ,
.Xr pf.os 5 ,
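Review bot: In this SEE ALSO list the new ".Xr sctp 4 ," is inserted after ".Xr tcp 4 ,", which breaks the alphabetical order within section 4 that the surrounding entries follow (pf, pfsync, tcp, udp). Move it up so it sits between ".Xr pfsync 4 ," and ".Xr tcp 4 ,".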
