#5
12th June 2010
Loki
Port Guard
 
Join Date: Nov 2008
Location: Sydney
Posts: 11

Quote:
Originally Posted by jggimi
"proto" refers to protocols within IPv4 or IPv6, such as ICMP, ESP, or TCP. A fairly complete list is found in /etc/protocols.

If your rule does not have an explicit family, it refers to both IPv4 and IPv6. If it has one, it is limited to that family.
In addition, a point not obvious for beginners (and even some experienced users!):

If you issue the command "pfctl -vv -sr |less" you will see things like the fact that a rule that doesn't contain an inet or inet6 will expand to two rules, one for each.

You'll probably get some extra clues about other operations from that command and its relatives. (man pfctl)