Import IPFilter 3.4.28

3 files changed, 20 insertions, 9 deletions

diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1
index aba216a..9f7f2e3 100644
--- a/contrib/ipfilter/man/ipftest.1
+++ b/contrib/ipfilter/man/ipftest.1
@@ -4,7 +4,7 @@ ipftest \- test packet filter rules with arbitary input.
 .SH SYNOPSIS
 .B ipftest
 [
-.B \-vbdPSTEHX
+.B \-vbdPRSTEHX
 ] [
 .B \-I
 interface
@@ -76,6 +76,10 @@ The input file specified by \fB\-i\fP is a binary file produced using libpcap
 (i.e., tcpdump version 3).  Packets are read from this file as being input
 (for rule purposes).  An interface maybe specified using \fB\-I\fP.
 .TP
+.B \-R
+Remove rules rather than load them.  This is not a toggle option, so once
+set, it cannot be reset by further use of -R.
+.TP
 .B \-S
 The input file is to be in "snoop" format (see RFC 1761).  Packets are read
 from this file and used as input from any interface.  This is perhaps the
@@ -98,7 +102,12 @@ option combinations:
 .B \-H
 The input file is to be hex digits, representing the binary makeup of the
 packet.  No length correction is made, if an incorrect length is put in
-the IP header.
+the IP header.  A packet may be broken up over several lines of hex digits,
+a blank line indicating the end of the packet.  It is possible to specify
+both the interface name and direction of the packet (for filtering purposes)
+at the start of the line using this format: [direction,interface]  To define
+a packet going in on le0, we would use \fB[in,le0]\fP - the []'s are required
+and part of the input syntax.
 .TP
 .B \-X
 The input file is composed of text descriptions of IP packets.
diff --git a/contrib/ipfilter/man/ipnat.4 b/contrib/ipfilter/man/ipnat.4
index 6cba7b6..54f55d3 100644
--- a/contrib/ipfilter/man/ipnat.4
+++ b/contrib/ipfilter/man/ipnat.4
@@ -31,7 +31,7 @@ being that the fd must be that of the device associated with the module
 (i.e., /dev/ipl).
 .LP
 .PP
-The strcture used with the NAT interface is described below:
+The structure used with the NAT interface is described below:
 .LP
 .nf
 typedef struct  ipnat   {
diff --git a/contrib/ipfilter/man/ipnat.5 b/contrib/ipfilter/man/ipnat.5
index 16c1752..a8beb6f 100644
--- a/contrib/ipfilter/man/ipnat.5
+++ b/contrib/ipfilter/man/ipnat.5
@@ -19,17 +19,19 @@ mapit ::= "map" | "bimap" .
 fromto ::= "from" object "to" object .
 ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
 dstipmask ::= ipmask | "range" ip "-" ip .
-mapport ::= "portmap" tcpudp portnumber ":" portnumber .
+mapport ::= "portmap" tcpudp portspec .
 options ::= [ tcpudp ] [ rr ] .
 
-object  = addr [ port-comp | port-range ] .
-addr    = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
-port-comp = "port" compare port-num .
-port-range = "port" port-num range port-num .
+object  :: = addr [ port-comp | port-range ] .
+addr    :: = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
+port-comp :: = "port" compare port-num .
+port-range :: = "port" port-num range port-num .
 
 rr ::= "round-robin" .
+nummask = host-name [ "/" decnumber ] .
 tcpudp ::= "tcp" | "udp" | "tcp/udp" .
-portnumber ::= number { numbers } | "auto" .
+portspec ::= "auto" | portnumber ":" portnumber .
+portnumber ::= number { numbers } .
 ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
 
 numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' .