author | darrenr <darrenr@FreeBSD.org> | 2003-02-15 06:27:40 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2003-02-15 06:27:40 +0000 |
commit | cd8fb83e1fd0e99706f1352a9c2c9aa96fa39617 (patch) | |
tree | 645fded6b981934343bb4211eb4e2f48a6943498 /contrib/ipfilter/man | |
parent | 6925466b63c6d8e3fcc363c622d16977df4b06ce (diff) | |
parent | bb1b56a0d0298883a2ab7c9a86a66dedb7a42c0b (diff) | |
This commit was generated by cvs2svn to compensate for changes in r110917,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/ipfilter/man')
-rw-r--r-- | contrib/ipfilter/man/ipfs.8 | 4 | ||||
-rw-r--r-- | contrib/ipfilter/man/ipnat.5 | 39 | ||||
-rw-r--r-- | contrib/ipfilter/man/ipnat.8 | 2 |
3 files changed, 35 insertions, 10 deletions
diff --git a/contrib/ipfilter/man/ipfs.8 b/contrib/ipfilter/man/ipfs.8 index 04b8863..b07935a 100644 --- a/contrib/ipfilter/man/ipfs.8 +++ b/contrib/ipfilter/man/ipfs.8 @@ -80,12 +80,12 @@ Lock state tables in the kernel. .B \-r Read information in from the specified file and load it into the kernel. This requires the state tables to have already been locked -and does not change the lock once comlete. +and does not change the lock once complete. .TP .B \-w Write information out to the specified file and from the kernel. This requires the state tables to have already been locked -and does not change the lock once comlete. +and does not change the lock once complete. .TP .B \-R Restores all saved state information, if any, from two files, diff --git a/contrib/ipfilter/man/ipnat.5 b/contrib/ipfilter/man/ipnat.5 index f0a4ac9..fe45464 100644 --- a/contrib/ipfilter/man/ipnat.5 +++ b/contrib/ipfilter/man/ipnat.5 @@ -7,10 +7,10 @@ The format for files accepted by ipnat is described by the following grammar: .nf ipmap :: = mapblock | redir | map . -map ::= mapit ifname ipmask "->" dstipmask [ mapport ] . -map ::= mapit ifname fromto "->" dstipmask [ mapport ] . -mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] . -redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport options . +map ::= mapit ifname ipmask "->" dstipmask [ mapport ] mapoptions. +map ::= mapit ifname fromto "->" dstipmask [ mapport ] mapoptions. +mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] mapoptions. +redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions . dport ::= "port" portnum [ "-" portnum ] . ports ::= "ports" numports | "auto" . 
@@ -20,7 +20,8 @@ fromto ::= "from" object "to" object . ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask . dstipmask ::= ipmask | "range" ip "-" ip . mapport ::= "portmap" tcpudp portspec . -options ::= [ tcpudp ] [ rr ] . +mapoptions ::= [ tcpudp ] [ "frag" ] [ age ] [ clamp ] . +rdroptions ::= [ tcpudp ] [ rr ] [ "frag" ] [ age ] [ clamp ] . object :: = addr [ port-comp | port-range ] . addr :: = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . @@ -28,8 +29,12 @@ port-comp :: = "port" compare port-num . port-range :: = "port" port-num range port-num . rr ::= "round-robin" . -nummask = host-name [ "/" decnumber ] . -tcpudp ::= "tcp" | "udp" | "tcp/udp" . +age ::= "age" decnumber [ "/" decnumber ] . +clamp ::= "mssclamp" decnumber . +tcpudp ::= "tcp/udp" | protocol . + +protocol ::= protocol-name | decnumber . +nummask ::= host-name [ "/" decnumber ] . portspec ::= "auto" | portnumber ":" portnumber . portnumber ::= number { numbers } . ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers . 
@@ -107,6 +112,26 @@ rule. Such a rule might look like the following: .PP Only IP address and port numbers can be compared against. This is available with all NAT rules. +.SH COMMAND QUALIFIERS +At the end of each rule, a number of qualifiers can be used to change how +the rule works. They are as follows: +.TP +protocol +A specific protocol may be given either by its name (as found in +/etc/protocols) or its number. A special case for supporting both +TCP and UDP is allowed with the name \fBtcp/udp\fP. +.TP +.B round-robin +Once a rule with this term has been successfully used, it is put at the +bottom of the list of those available so that each one will get used, in +turn, in a list of matching left hand sides. +.TP +.B frag +This qualifier is currently has no impact on NAT operation. +.TP +.B age +If more refined timeouts are required than those available globally for +NAT settings, this allows you to set them for \fBnon-TCP\fP use. .SH TRANSLATION .PP To the right of the "->" is the address and port specificaton which will be diff --git a/contrib/ipfilter/man/ipnat.8 b/contrib/ipfilter/man/ipnat.8 index 760e0af..3b365ed 100644 --- a/contrib/ipfilter/man/ipnat.8 +++ b/contrib/ipfilter/man/ipnat.8 @@ -29,7 +29,7 @@ active NAT mappings) Show the list of current NAT table entry mappings. .TP .B \-n -This flag (no-change) prevents \fBipf\fP from actually making any ioctl +This flag (no-change) prevents \fBipnat\fP from actually making any ioctl calls or doing anything which would alter the currently running kernel. .TP .B \-s |