Re: no "flags x"? [CVS: cvs.openbsd.org: src]
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: no "flags x"? [CVS: cvs.openbsd.org: src]
- From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
- Date: Mon, 28 Oct 2002 13:19:28 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Mon, Oct 28, 2002 at 11:31:05AM +0200, Denis A. Doroshenko wrote:
> On Mon, Oct 28, 2002 at 09:25:52AM +0100, Camiel Dobbelaar wrote:
> > On Mon, 28 Oct 2002, Denis A. Doroshenko wrote:
> > > well, is this really good? when i used "flags S" that was indeed "the
> > > only SYN, no other flags". how do i do it now, after this change?
> > S="S/FSRPAUEW"
> > pass in on lo0 proto tcp from any to any flags $S
> yeah, that nicy pf.conf preprocessing! no quarter for missing this.
> > The bottomline is that 'flags S' is bad, if you want to be a good netizen.
> > It breaks ECN for example.
> ok, i see the point. this could be just added to a man page, and the
> syntax left. there could be even "good" examples, encouraging be a good
> netizen.
no, adding it to the manpage is not sufficient.
the entire point is that there is barely a point in filtering for "flags
S/FSRPAUEW". This barely ever makes sense. I'm going further: I say nobody
who had flags S actually meant that because he didn't understand the
implications.
with disallowing the "flags X" syntax we at least force the user to have a
look at the manpage where the stuff is explained.
> OTOH (a little OT perhaps), that ECN stuff itself smells weird, though.
huh? no. ECN kicks ass.
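
The ECN point made in this thread, as an added example (not part of the original message and not pf's own code): a small model of `flags set/mask` matching applied to constructed TCP flag combinations. The `S/SA` mask, the helper names and the sample packets are assumptions for illustration; the ECN-setup SYN carrying ECE and CWR follows RFC 3168.

```python
# Added illustration: models "of the flags in <mask>, exactly <set> are set".
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def bits(letters):
    """Turn a string of pf flag letters into the TCP flags byte."""
    value = 0
    for ch in letters:
        if ch not in TCP_FLAGS:
            raise ValueError("unknown TCP flag letter: %r" % ch)
        value |= TCP_FLAGS[ch]
    return value


def parse_flags_spec(spec):
    """Parse 'set/mask'. A bare 'flags X' is rejected, as after the change
    discussed in the thread, so the mask always has to be spelled out."""
    if "/" not in spec:
        raise ValueError("mask required: write 'set/mask', got %r" % spec)
    want, mask = spec.split("/", 1)
    return bits(want), bits(mask)


def matches(spec, packet_letters):
    """True if the packet's flags, restricted to the mask, equal the set."""
    want, mask = parse_flags_spec(spec)
    return (bits(packet_letters) & mask) == want


# Constructed sample packets (flag letters only, no real traffic).
SAMPLES = {
    "plain SYN": "S",
    "ECN-setup SYN": "SEW",   # SYN with ECE and CWR, per RFC 3168
    "SYN+ACK": "SA",
    "SYN+FIN (bogus)": "SF",
}


def verdicts(spec):
    """Evaluate one flags spec against every sample packet."""
    return {name: matches(spec, flags) for name, flags in SAMPLES.items()}


if __name__ == "__main__":
    for spec in ("S/FSRPAUEW", "S/SA"):
        print(spec, verdicts(spec))
```

With the full mask, the ECN-setup SYN is not matched by the pass rule, which is how a "SYN only" filter ends up breaking ECN; a narrower mask still separates connection openers from SYN+ACK without looking at ECE and CWR.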