Diffstat (limited to 'contrib/ipfilter/man')
-rw-r--r--  contrib/ipfilter/man/ipf.1       109
-rw-r--r--  contrib/ipfilter/man/ipf.4         1
-rw-r--r--  contrib/ipfilter/man/ipf.5        15
-rw-r--r--  contrib/ipfilter/man/ipf.8         3
-rw-r--r--  contrib/ipfilter/man/ipfilter.5    1
-rw-r--r--  contrib/ipfilter/man/ipfstat.8     9
-rw-r--r--  contrib/ipfilter/man/ipftest.1     1
-rw-r--r--  contrib/ipfilter/man/ipmon.8      11
-rw-r--r--  contrib/ipfilter/man/ipnat.4       1
-rw-r--r--  contrib/ipfilter/man/man.sed       1
10 files changed, 24 insertions, 128 deletions
diff --git a/contrib/ipfilter/man/ipf.1 b/contrib/ipfilter/man/ipf.1
deleted file mode 100644
index 5ea06fa..0000000
--- a/contrib/ipfilter/man/ipf.1
+++ /dev/null
@@ -1,109 +0,0 @@
-.TH IPF 1
-.SH NAME
-ipf \- alters packet filtering lists for IP packet input and ouput
-.SH SYNOPSIS
-.B ipf
-[
-.B \-AdDEInorsUvyzZ
-] [
-.B \-l
-<block|pass|nomatch>
-] [
-.B \-F
-<i|o|a>
-]
-.B \-f
-<\fIfilename\fP>
-[
-.B \-f
-<\fIfilename\fP>
-[...]]
-.SH DESCRIPTION
-.PP
-\fBipf\fP opens the filenames listed (treating "\-" as stdin) and parses the
-file for a set of rules which are to be added or removed from the packet
-filter rule set.
-.PP
-Each rule processed by \fBipf\fP
-is added to the kernel's internal lists if there are no parsing problems.
-Rules are added to the end of the internal lists, matching the order in
-which they appear when given to \fBipf\fP.
-.SH OPTIONS
-.TP
-.B \-A
-Set the list to make changes to the active list (default).
-.TP
-.B \-d
-Turn debug mode on. Causes a hexdump of filter rules to be generated as
-it processes each one.
-.TP
-.B \-D
-Disable the filter (if enabled). Not effective for loadable kernel versions.
-.TP
-.B \-E
-Enable the filter (if disabled). Not effective for loadable kernel versions.
-.TP
-.BR \-F \0<param>
-This option specifies which filter list to flush. The parameter should
-either be "i" (input), "o" (output) or "a" (remove all filter rules).
-Either a single letter or an entire word starting with the appropriate
-letter maybe used. This option maybe before, or after, any other with
-the order on the command line being that used to execute options.
-.TP
-.BR \-f \0<filename>
-This option specifies which files
-\fBipf\fP should use to get input from for modifying the packet filter rule
-lists.
-.TP
-.B \-I
-Set the list to make changes to the inactive list.
-.TP
-.B \-l \0<param>
-Use of the \fB-l\fP flag toggles default logging of packets. Valid
-arguments to this option are \fBpass\fP, \fBblock\fP and \fBnomatch\fP.
-When an option is set, any packet which exits filtering and matches the
-set category is logged. This is most useful for causing all packets
-which don't match any of the loaded rules to be logged.
-.TP
-.B \-n
-This flag (no-change) prevents \fBipf\fP from actually making any ioctl
-calls or doing anything which would alter the currently running kernel.
-.TP
-.B \-o
-Force rules by default to be added/deleted to/from the output list, rather
-than the (default) input list.
-.TP
-.B \-r
-Remove matching filter rules rather than add them to the internal lists
-.TP
-.B \-s
-Swap the active filter list in use to be the "other" one.
-.TP
-.B \-U
-(SOLARIS 2 ONLY) Block packets travelling along the data stream which aren't
-recognised as IP packets. They will be printed out on the console.
-.TP
-.B \-v
-Turn verbose mode on. Displays information relating to rule processing.
-.TP
-.B \-y
-(SOLARIS 2 ONLY) Manually resync the in-kernel interface list maintained
-by IP Filter with the current interface status list.
-.TP
-.B \-z
-For each rule in the input file, reset the statistics for it to zero and
-display the statistics prior to them being zero'd.
-.TP
-.B \-Z
-Zero global statistics held in the kernel for filtering only (this doesn't
-affect fragment or state statistics).
-.DT
-.SH SEE ALSO
-ipfstat(1), ipftest(1), ipf(5), mkfilters(1)
-.SH DIAGNOSTICS
-.PP
-Needs to be run as root for the packet filtering lists to actually
-be affected inside the kernel.
-.SH BUGS
-.PP
-If you find any, please send email to me at darrenr@cyber.com.au
diff --git a/contrib/ipfilter/man/ipf.4 b/contrib/ipfilter/man/ipf.4
index 7d6436a..b1188c8 100644
--- a/contrib/ipfilter/man/ipf.4
+++ b/contrib/ipfilter/man/ipf.4
@@ -1,3 +1,4 @@
+.\" $FreeBSD$
.TH IPF 4
.SH NAME
ipf \- packet filtering kernel interface
diff --git a/contrib/ipfilter/man/ipf.5 b/contrib/ipfilter/man/ipf.5
index 835d775..ecd6caf 100644
--- a/contrib/ipfilter/man/ipf.5
+++ b/contrib/ipfilter/man/ipf.5
@@ -1,10 +1,11 @@
+.\" $FreeBSD$
.TH IPF 5
.SH NAME
-ipf, ipf.conf, ipf6.conf \- IP packet filter rule syntax
+ipf, ipf.conf \- IP packet filter rule syntax
.SH DESCRIPTION
.PP
A rule file for \fBipf\fP may have any name or even be stdin. As
-\fBipfstat\fP produces parsable rules as output when displaying the internal
+\fBipfstat\fP produces parseable rules as output when displaying the internal
kernel filter lists, it is quite plausible to use its output to feed back
into \fBipf\fP. Thus, to remove all filters on input packets, the following
could be done:
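Review bot: Dropping ipf6.conf from the NAME line means a whatis or apropos lookup for that name no longer finds this page; if IPv6 rule files still use this syntax, keep the name listed. The "parsable" to "parseable" change in the DESCRIPTION paragraph is a spelling-only edit in a contrib/ file and is better left out to keep the diff to functional changes.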
@@ -37,7 +38,7 @@ log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
call = "call" [ "now" ] function-name .
skip = "skip" decnumber .
dup = "dup-to" interface-name[":"ipaddr] .
-froute = "fastroute" | "to" interface-name[":"ipaddr] .
+froute = "fastroute" | "to" interface-name .
protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
srcdst = "all" | fromto .
fromto = "from" [ "!" ] object "to" [ "!" ] object .
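Review bot: The froute production loses the optional [":"ipaddr] after "to", while the dup production on the line above keeps it for "dup-to", so the grammar now says a next-hop address cannot be given with "to". If the parser still accepts "to" interface-name:ipaddr, the page under-describes what a rule can do to routing; confirm against the parser and keep the two productions consistent.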
@@ -116,7 +117,7 @@ below).
Filters are installed by default at the end of the kernel's filter
lists, prepending the rule with \fB@n\fP will cause it to be inserted
as the n'th entry in the current list. This is especially useful when
-modifying and testing active filter rulesets. See ipf(8) for more
+modifying and testing active filter rulesets. See ipf(1) for more
information.
.SH ACTIONS
.PP
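Review bot: The cross-reference in the @n paragraph now points at ipf(1), but this same commit deletes contrib/ipfilter/man/ipf.1 and keeps ipf.8, so the reference will not resolve. Leave it as "See ipf(8)".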
@@ -136,7 +137,7 @@ with a rule which is being applied to TCP packets. When using
\fBreturn-icmp\fP or \fBreturn-icmp-as-dest\fP, it is possible to specify
the actual unreachable `type'. That is, whether it is a network
unreachable, port unreachable or even administratively
-prohibited. This is done by enclosing the ICMP code associated with
+prohibitied. This is done by enclosing the ICMP code associated with
it in parenthesis directly following \fBreturn-icmp\fP or
\fBreturn-icmp-as-dest\fP as follows:
.nf
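Review bot: The changed line replaces "prohibited" with "prohibitied", which introduces a typo into the return-icmp description. Keep the original spelling; while in this sentence, "in parenthesis" on the following line should read "in parentheses".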
@@ -386,7 +387,7 @@ against, e.g.:
.TP
.B icmp-type
is only effective when used with \fBproto icmp\fP and must NOT be used
-in conjunction with \fBflags\fP. There are a number of types, which can be
+in conjuction with \fBflags\fP. There are a number of types, which can be
referred to by an abbreviation recognised by this language, or the numbers
with which they are associated can be used. The most important from
a security point of view is the ICMP redirect.
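Review bot: The icmp-type entry goes from "in conjunction with" to "in conjuction with", a spelling regression on the one line this hunk changes. Revert that line.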
@@ -427,7 +428,7 @@ indicates that the rule should be put in group (number n) rather than group 0.
.PP
When a packet is logged, with either the \fBlog\fP action or option,
the headers of the packet are written to the \fBipl\fP packet logging
-pseudo-device. Immediately following the \fBlog\fP keyword, the
+psuedo-device. Immediately following the \fBlog\fP keyword, the
following qualifiers may be used (in order):
.TP
.B body
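Review bot: "pseudo-device" becomes "psuedo-device" in the logging paragraph, which is a misspelling and also breaks text searches for the ipl pseudo-device. Keep the original line.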
diff --git a/contrib/ipfilter/man/ipf.8 b/contrib/ipfilter/man/ipf.8
index 60261d2..a1f5b06 100644
--- a/contrib/ipfilter/man/ipf.8
+++ b/contrib/ipfilter/man/ipf.8
@@ -1,3 +1,4 @@
+.\" $FreeBSD$
.TH IPF 8
.SH NAME
ipf \- alters packet filtering lists for IP packet input and output
@@ -112,7 +113,7 @@ the current interface status list.
.TP
.B \-z
For each rule in the input file, reset the statistics for it to zero and
-display the statistics prior to them being zeroed.
+display the statistics prior to them being zero'd.
.TP
.B \-Z
Zero global statistics held in the kernel for filtering only (this doesn't
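Review bot: The \-z description changes "zeroed" to "zero'd", which reverts to the wording of the ipf.1 page this commit deletes. Keep "zeroed"; nothing else in the hunk depends on the change.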
diff --git a/contrib/ipfilter/man/ipfilter.5 b/contrib/ipfilter/man/ipfilter.5
index 0bba0f4..97e504d 100644
--- a/contrib/ipfilter/man/ipfilter.5
+++ b/contrib/ipfilter/man/ipfilter.5
@@ -1,3 +1,4 @@
+.\" $FreeBSD$
.TH IPFILTER 1
.SH NAME
IP Filter
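Review bot: The .TH line in the context reads "IPFILTER 1" although the file is ipfilter.5, so the rendered page header shows the wrong section. Since this hunk already touches the top of the file, correct the section number in .TH to 5 in the same change.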
diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8
index c506a15..f4e5d5b 100644
--- a/contrib/ipfilter/man/ipfstat.8
+++ b/contrib/ipfilter/man/ipfstat.8
@@ -1,3 +1,4 @@
+.\" $FreeBSD$
.TH ipfstat 8
.SH NAME
ipfstat \- reports on packet filter statistics and filter list
@@ -34,7 +35,7 @@ ipfstat \- reports on packet filter statistics and filter list
\fBipfstat\fP examines /dev/kmem using the symbols \fB_fr_flags\fP,
\fB_frstats\fP, \fB_filterin\fP, and \fB_filterout\fP.
To run and work, it needs to be able to read both /dev/kmem and the
-kernel itself. The kernel name defaults to \fB/vmunix\fP.
+kernel itself. The kernel name defaults to \fB/kernel\fP.
.PP
The default behaviour of \fBipfstat\fP
is to retrieve and display the accumulated statistics which have been
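Review bot: The documented default kernel name changes from /vmunix to /kernel, but nothing in this diff shows the ipfstat source default changing with it. Since the page says ipfstat must read both /dev/kmem and the kernel itself, confirm the compiled-in default really is /kernel so the man page does not describe a path the binary never opens.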
@@ -64,7 +65,7 @@ This option is only valid in combination with \fB\-t\fP. Limit the state top
display to show only state entries whose destination IP address and port
match the addport argument. The addrport specification is of the form
ipaddress[,port]. The ipaddress and port should be either numerical or the
-string "any" (specifying any IP address resp. any port). If the \fB\-D\fP
+string "any" (specifying any ip address resp. any port). If the \fB\-D\fP
option is not specified, it defaults to "\fB\-D\fP any,any".
.TP
.B \-f
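Review bot: The changed line lowercases "IP address" to "ip address", which is inconsistent with "destination IP address" two lines above in the same paragraph. Keep the capitalised form; the context also spells the argument both "addport" and "addrport", which should be unified as "addrport" while this paragraph is being edited.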
@@ -140,7 +141,7 @@ kernel.
Using the \fB\-t\fP option \fBipfstat\fP will enter the state top mode. In
this mode the state table is displayed similar to the way \fBtop\fP displays
the process table. The \fB\-C\fP, \fB\-D\fP, \fB\-P\fP, \fB\-S\fP and \fB\-T\fP
-command line options can be used to restrict the state entries that will be
+commandline options can be used to restrict the state entries that will be
shown and to specify the frequency of display updates.
.PP
In state top mode, the following keys can be used to influence the displayed
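Review bot: "command line options" becomes "commandline options" in the state top paragraph, a style regression with no functional content. Keep the two-word form.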
@@ -180,7 +181,7 @@ No support for IPv6
.br
/dev/ipstate
.br
-/vmunix
+/kernel
.SH SEE ALSO
ipf(8)
.SH BUGS
diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1
index bbfbc0c..936445c 100644
--- a/contrib/ipfilter/man/ipftest.1
+++ b/contrib/ipfilter/man/ipftest.1
@@ -1,3 +1,4 @@
+.\" $FreeBSD$
.TH ipftest 1
.SH NAME
ipftest \- test packet filter rules with arbitrary input.
diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8
index 2827797..a559e94 100644
--- a/contrib/ipfilter/man/ipmon.8
+++ b/contrib/ipfilter/man/ipmon.8
@@ -1,3 +1,4 @@
+.\" $FreeBSD$
.TH ipmon 8
.SH NAME
ipmon \- monitors /dev/ipl for logged packets
@@ -82,11 +83,11 @@ are displayed to the same output 'device' (stderr or syslog).
.TP
.B \-b
For rules which log the body of a packet, generate hex output representing
-the packet contents after the headers.
+the packet contents afte the headers.
.TP
.B \-D
Cause ipmon to turn itself into a daemon. Using subshells or backgrounding
-of ipmon is not required to turn it into an orphan so it can run indefinitely.
+of ipmon is not required to turn it into an orphan so it can run indefinately.
.TP
.B "\-f <device>"
specify an alternative device/file from which to read the log information
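Review bot: Both changed lines introduce misspellings: "afte the headers" under \-b and "indefinately" under \-D. Keep "after" and "indefinitely" as in the removed lines.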
@@ -125,7 +126,7 @@ or later) or \fI/etc/ipmon.pid\fP for all others.
.B \-s
Packet information read in will be sent through syslogd rather than
saved to a file. The default facility when compiled and installed is
-\fBlocal0\fP. The following levels are used:
+\fBsecurity\fP. The following levels are used:
.IP
.B LOG_INFO
\- packets logged using the "log" keyword as the action rather
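Review bot: The \-s text now states the default syslog facility is "security" instead of "local0", but the diff only touches the man page. Confirm the build actually compiles ipmon with that facility, and make sure the shipped syslog.conf has a selector for it, otherwise packet logs sent with \-s can be silently dropped on hosts still routing local0.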
@@ -169,6 +170,4 @@ recorded data.
/etc/services
.SH SEE ALSO
ipl(4), ipf(8), ipfstat(8), ipnat(8)
-.SH BUGS
-.PP
-If you find any, please send email to me at darrenr@pobox.com
+.\".SH BUGS
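Review bot: The BUGS section is removed but a commented-out '.\".SH BUGS' line is left at the end of the file, which serves no purpose in the rendered page. Delete the section outright, or keep the heading with a pointer to where bugs should be reported now that the contact address is gone.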
diff --git a/contrib/ipfilter/man/ipnat.4 b/contrib/ipfilter/man/ipnat.4
index 54f55d3..095e4e5 100644
--- a/contrib/ipfilter/man/ipnat.4
+++ b/contrib/ipfilter/man/ipnat.4
@@ -1,3 +1,4 @@
+.\" $FreeBSD$
.TH IPNAT 4
.SH NAME
ipnat \- Network Address Translation kernel interface
diff --git a/contrib/ipfilter/man/man.sed b/contrib/ipfilter/man/man.sed
deleted file mode 100644
index 0be8dab..0000000
--- a/contrib/ipfilter/man/man.sed
+++ /dev/null
@@ -1 +0,0 @@
-DF . .. CVSD~MakefileDipf.1Dipf.4Dipf.5D