man pf.conf never describes what "!" does. The "!" is used in some examples, and a lot of the time it is obvious what will happen. The pf faq has somewhat more of an explanation of "!" with multiple addresses, but its explanation only refers to the use of "!" in tables. There is never any statement of what !addr does.
I expect that the description given in the pf faq covers the behavior of "!" in any place that ip addresses are given.
I tripped over this when I wanted to block 2 ip addresses from accessing a service.
I (and I realize I was wrong) always considered that
pass quick from { addr1, addr2 }
could be written as
pass quick from addr1
pass quick from addr2
but if "!" is used this obviously should not be true
pass quick from { !addr1, !addr2 }
cannot be the same as (at least I hope, since I haven't built the system to test it)
pass quick from !addr1
pass quick from !addr2
Furthermore, the descriptions that do exist do not cover the boundary cases such as 192.168.0.1-192.168.0.30 !192.168.0.20-192.168.0.40
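
The two readings of "!" discussed above can be compared side by side in a small Python model. This is an added example, not part of the original post and not pf's own code. It assumes a list is evaluated as one rule per entry (the equivalence the post describes) and that a table lookup lets the most specific matching entry decide (the behaviour the pf faq describes for tables); the function names and the addresses are constructed for illustration.

```python
import ipaddress

def _parse(entry):
    """Split a list/table entry into (network, negated)."""
    negated = entry.startswith("!")
    return ipaddress.ip_network(entry.lstrip("!"), strict=False), negated

def expanded_rules_match(entries, addr):
    """Assumed list model: one rule per entry; the packet matches if ANY rule matches."""
    ip = ipaddress.ip_address(addr)
    for entry in entries:
        net, negated = _parse(entry)
        if (ip in net) != negated:   # "!net" matches every address outside net
            return True
    return False

def table_match(entries, addr):
    """Assumed table model: the most specific containing entry decides the lookup."""
    ip = ipaddress.ip_address(addr)
    best = None                      # (prefix length, negated) of the narrowest hit
    for entry in entries:
        net, negated = _parse(entry)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, negated)
    return best is not None and not best[1]

# Constructed sample addresses (documentation ranges).
ADDR1, ADDR2, OTHER = "192.0.2.10", "192.0.2.20", "198.51.100.7"
NEGATED_LIST = ["!" + ADDR1, "!" + ADDR2]
TABLE_WITH_BASE = ["0.0.0.0/0", "!" + ADDR1, "!" + ADDR2]

if __name__ == "__main__":
    for a in (ADDR1, ADDR2, OTHER):
        print(a,
              "per-entry rules:", expanded_rules_match(NEGATED_LIST, a),
              "table, negated only:", table_match(NEGATED_LIST, a),
              "table with 0.0.0.0/0:", table_match(TABLE_WITH_BASE, a))
```

Under the per-entry model, addr1 is still matched by the "!addr2" rule, so the pair of negated rules matches every address. Under the table model, a table holding only negated entries matches nothing, and a covering entry such as 0.0.0.0/0 is needed to express "everything except these two".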