PF Changes in -current

Contributed by jose on from the syntax-changes dept.

Just a brief note from the PF people. Your configurations which use the syntax "flags S" will no longer work as you expect them to. You must set the mask of flags:
  > remove the "flags X" syntax.
  > noone who wrote "flags S" meant that, but actually something like "flags
  > S/SA". with "flags S" changing its actual meaning as more flags got
  > supported, things got worse.
  > ok dhartmei@, pb@ (henning@) 
Hence, you'll have to use something like flags S/SAFRUPEW in your pf.conf files. The good news is you can use macros, though:
  > Remove 'flags X' syntax, if people make heavy use of X/FOOBAR, they
  > chould use macros, e.g.
  > tcpinit="S/SAFR"
  > pass in ... flags $tcpinit (pb@)
This was done to ensure the correctness of matches, and once you migrate your rulesets over you should be good. Thanks to Daniel for some information on this change.

  3. By Jedi/Sector One () on

    "the syntax "flags S" will no longer work as you expect them to."

    Hmm, actually the reason of the change is that it was confusing, and that it was _not_ working the way people expected it to (it was working the way it was documented, but people misread the documentation...) .

    Now, things are clear.

