From 588f4160c864c1ac1b49f79bc9b44bc4a262931f Mon Sep 17 00:00:00 2001 From: jmc Date: Thu, 10 Nov 2022 19:07:21 +0000 Subject: [PATCH] tweak the "once" text; ok sashan --- share/man/man5/pf.conf.5 | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index ce52d79d927..157db72588f 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.598 2022/11/09 23:00:00 sashan Exp $ +.\" $OpenBSD: pf.conf.5,v 1.599 2022/11/10 19:07:21 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" Copyright (c) 2003 - 2013 Henning Brauer @@ -28,7 +28,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 9 2022 $ +.Dd $Mdocdate: November 10 2022 $ .Dt PF.CONF 5 .Os .Sh NAME @@ -661,14 +661,12 @@ When the rate is exceeded, all ICMP is blocked until the rate falls below 100 per 10 seconds again. .Pp .It Cm once -Creates a one shot rule. The first matching packet marks rule as expired. -The expired rule is never evaluated then. +Creates a one shot rule. +The first matching packet marks the rule as expired; +any expired rules are no longer evaluated. +Expired rules are only shown in verbose mode (-vv): .Xr pfctl 8 -does not report expired rules unless run in verbose mode ('-vv'). In verbose -mode -.Xr pfctl 8 -appends '# expired' to note the once rule which got hit by packet other -already. +will append '# expired' to note any once rules which have already been hit. .Pp .It Cm probability Ar number Ns % A probability attribute can be attached to a rule, -- 2.20.1