diff options
| author | sheldonh <sheldonh@FreeBSD.org> | 2000-03-01 14:50:24 +0000 |
|---|---|---|
| committer | sheldonh <sheldonh@FreeBSD.org> | 2000-03-01 14:50:24 +0000 |
| commit | b45b9e3cde3c8b803fc2c4fbdb784fc378ced24d (patch) | |
| tree | 0b7d3487005ae5a1da0062d675a3bf21249410eb /share/man/man4/ipfirewall.4 | |
| parent | 46cac19efdca36bb719c540488e5b984e7370eca (diff) | |
| download | FreeBSD-src-b45b9e3cde3c8b803fc2c4fbdb784fc378ced24d.zip FreeBSD-src-b45b9e3cde3c8b803fc2c4fbdb784fc378ced24d.tar.gz | |
Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
Diffstat (limited to 'share/man/man4/ipfirewall.4')
| -rw-r--r-- | share/man/man4/ipfirewall.4 | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/share/man/man4/ipfirewall.4 b/share/man/man4/ipfirewall.4 index c5c3e74..e857ee7 100644 --- a/share/man/man4/ipfirewall.4 +++ b/share/man/man4/ipfirewall.4 @@ -17,13 +17,16 @@ .Sh DESCRIPTION Ipfirewall (alias ipfw) is a system facility which allows filtering, redirecting, and other operations on IP packets travelling through -system interfaces. Packets are matched by applying an ordered list +system interfaces. +Packets are matched by applying an ordered list of pattern rules against each packet until a match is found, at -which point the corresponding action is taken. Rules are numbered +which point the corresponding action is taken. +Rules are numbered from 1 to 65534; multiple rules may share the same number. .Pp There is one rule that always exists, rule number 65535. This rule -normally causes all packets to be dropped. Hence, any packet which does not +normally causes all packets to be dropped. +Hence, any packet which does not match a lower numbered rule will be dropped. However, a kernel compile time option .Dq IPFIREWALL_DEFAULT_TO_ACCEPT @@ -43,7 +46,8 @@ IP_FW_DEL deletes all rules having the matching rule number. IP_FW_GET returns the (first) rule having the matching rule number. .Pp IP_FW_ZERO zeros the statistics associated with all rules having the -matching rule number. If the rule number is zero, all rules are zeroed. +matching rule number. +If the rule number is zero, all rules are zeroed. .Pp IP_FW_FLUSH removes all rules (except 65535). .Pp @@ -171,7 +175,8 @@ Options in the kernel configuration file: When packets match a rule with the IP_FW_F_PRN bit set, a message is logged to the console if IPFIREWALL_VERBOSE has been enabled; IPFIREWALL_VERBOSE_LIMIT limits the maximum number of times each -rule can cause a log message. These variables are also +rule can cause a log message. +These variables are also available via the .Xr sysctl 3 interface. @@ -179,7 +184,7 @@ interface. [EINVAL] The IP option field was improperly formed; an option field was shorter than the minimum value or longer than - the option buffer provided. A structural error in + the option buffer provided. A structural error in ip_fw structure occurred (n_src_p+n_dst_p too big, ports set for ALL/ICMP protocols etc.). An invalid rule number was used. |
