author | darrenr <darrenr@FreeBSD.org> | 2002-08-28 13:42:48 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2002-08-28 13:42:48 +0000 |
commit | 3aab5fb9fd5d3200009207f552a48b8100b853b2 (patch) | |
tree | f2d0223cccbc9beaa3eb21f7810ca0eea835a8ce /contrib/ipfilter/man | |
parent | 29738d8f278be232c05ed98a0186e26e2d211f77 (diff) | |
With a bit of luck, this will be a first-time right import of ipfilter 3.4.29
on to the vendor branch.
Diffstat (limited to 'contrib/ipfilter/man')
-rw-r--r-- | contrib/ipfilter/man/ipmon.8 | 7 | ||||
-rw-r--r-- | contrib/ipfilter/man/ipnat.5 | 9 |
2 files changed, 14 insertions, 2 deletions
diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8 index 0ec7854..0030c74 100644 --- a/contrib/ipfilter/man/ipmon.8 +++ b/contrib/ipfilter/man/ipmon.8 @@ -46,8 +46,11 @@ long). 4. The group and rule number of the rule, e.g., \fB@0:17\fP. These can be viewed with \fBipfstat -n\fP. .LP -5. The action: \fBp\fP for passed, \fBb\fP for blocked, \fB\fP for a short -packet, \fBn\fP did not match any rules or \fBL\fP for a log rule. +5. The action: \fBp\fP for passed, \fBb\fP for blocked, \fBS\fP for a short +packet, \fBn\fP did not match any rules, \fBL\fP for a log rule. The order +of precedence in showing flags is: S, p, b, n, L. A capital \fBP\fP or +\fBB\fP means that the packet has been logged due to a global logging +setting, not a particular rule. .LP 6. The addresses. This is actually three fields: the source address and port diff --git a/contrib/ipfilter/man/ipnat.5 b/contrib/ipfilter/man/ipnat.5 index a8beb6f..f0a4ac9 100644 --- a/contrib/ipfilter/man/ipnat.5 +++ b/contrib/ipfilter/man/ipnat.5 @@ -96,6 +96,15 @@ or as map de0 from 10.1.0.0/16 to any -> 201.2.3.4/32 .fi .LP +For even greater control, one may negate either of the "from" or "to" clauses +with a preceding exclamation mark ("!"). Please note that one may not use a +negated "from" within a \fBmap\fP rule or a negated "to" within a \fBrdr\fP +rule. Such a rule might look like the following: +.LP +.nf ++map de0 from 10.1.0.0/16 ! to 10.1.0.0/16 -> 201.2.3.4/32 +.fi +.PP Only IP address and port numbers can be compared against. This is available with all NAT rules. .SH TRANSLATION |
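Review bot: In the ipmon.8 hunk, the new precedence sentence lists only "S, p, b, n, L" while the very next sentence introduces capital \fBP\fP and \fBB\fP, so the page never says where those two rank. Anyone writing a parser or detection rule over ipmon output needs that to know which flag wins when a packet is both short and logged by the global setting. Suggest extending the order to include P and B, and naming the global logging setting the last sentence refers to so the reader can find it. The rewritten list also dropped the "or" before \fBL\fP ("\fBn\fP did not match any rules, \fBL\fP for a log rule"), which leaves the sentence without a conjunction.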
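Review bot: In the ipnat.5 hunk, the added example line reads "++map de0 from 10.1.0.0/16 ! to 10.1.0.0/16 -> 201.2.3.4/32", so the man page source itself starts with a literal "+" before "map". Inside the .nf/.fi block it will render as "+map de0 ...", and a reader who copies it into a NAT ruleset gets a line that does not start with a rule keyword. Suggest dropping the stray "+" so it matches the unchanged example just above it ("map de0 from 10.1.0.0/16 to any -> 201.2.3.4/32"). Separately, the prose says the clause is negated "with a preceding exclamation mark" while the example puts "!" in front of the "to" keyword; it would help to say explicitly that the "!" goes before the keyword and not before the address, since a misplaced negation in a NAT rule changes which traffic gets translated.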