From a33069b5324be7fb6d5c0a0d785bb0e10eb0aa36 Mon Sep 17 00:00:00 2001 From: darrenr Date: Mon, 4 Jun 2007 02:54:36 +0000 Subject: Merge IPFilter 4.1.23 back to HEAD See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13 --- contrib/ipfilter/man/ipf.8 | 12 ++++++++++++ contrib/ipfilter/man/ipfstat.8 | 6 +++++- contrib/ipfilter/man/ipmon.8 | 1 + 3 files changed, 18 insertions(+), 1 deletion(-) (limited to 'contrib/ipfilter/man') diff --git a/contrib/ipfilter/man/ipf.8 b/contrib/ipfilter/man/ipf.8 index bcf9307..678010f 100644 --- a/contrib/ipfilter/man/ipf.8 +++ b/contrib/ipfilter/man/ipf.8 @@ -74,6 +74,17 @@ one of the two options may be given. A fully established connection will show up in \fBipfstat -s\fP output as 5/5, with deviations either way indicating it is not fully established any more. .TP +.BR \-F <5|6|7|8|9|10|11> +For the TCP states that represent the closing of a connection has begun, +be it only one side or the complete connection, it is possible to flush +those states directly using the number corresponding to that state. +The numbers relate to the states as follows: 5 = close-wait, 6 = fin-wait-1, +7 = closing, 8 = last-ack, 9 = fin-wait-2, 10 = time-wait, 11 = closed. +.TP +.BR \-F +If the argument supplied to \fB-F\fP is greater than 30, then state table +entries that have been idle for more than this many seconds will be flushed. +.TP .BR \-f \0 This option specifies which files \fBipf\fP should use to get input from for modifying the packet filter rule @@ -105,6 +116,7 @@ Remove matching filter rules rather than add them to the internal lists .TP .B \-s Swap the active filter list in use to be the "other" one. +.TP .B \-T This option allows run-time changing of IPFilter kernel variables. Some variables require IPFilter to be in a disabled state (\fB-D\fP) for changing, diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8 index d0cb2a9..44ba8ba 100644 --- a/contrib/ipfilter/man/ipfstat.8 
+++ b/contrib/ipfilter/man/ipfstat.8 @@ -124,7 +124,11 @@ seconds between an update. Any positive integer can be used. The default (and minimal update time) is 1. .TP .B \-v -Turn verbose mode on. Displays more debugging information. +Turn verbose mode on. Displays more debugging information. When used with +either \fB-i\fP or \fB-o\fP, counters associated with the rule, such as the +number of times it has been matched and the number of bytes from such packets +is displayed. For "keep state" rules, a count of the number of state sessions +active against the rule is also displayed. .SH SYNOPSIS The role of \fBipfstat\fP is to display current kernel statistics gathered as a result of applying the filters in place (if any) to packets going in and diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8 index 2a35d16..1082e06 100644 --- a/contrib/ipfilter/man/ipmon.8 +++ b/contrib/ipfilter/man/ipmon.8 @@ -107,6 +107,7 @@ even should the result be zero. .B \-L Using this option allows you to change the default syslog facility that ipmon uses for syslog messages. The default is local0. +.TP .B \-n IP addresses and port numbers will be mapped, where possible, back into hostnames and service names. -- cgit v1.1
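Review bot: In the first ipf.8 hunk (@@ -74,6 +74,17), the two new \-F entries leave arguments 12 through 30 undocumented: the first entry covers 5 to 11 and the second only covers values "greater than 30". Because this option flushes state table entries, the page should say what happens for the values in between (rejected, ignored, or handled some other way). The second entry's ".BR \-F" line as shown carries no argument placeholder, so the rendered page would list a bare -F with no hint that a number of seconds is expected. The unchanged context directly above says a fully established connection shows as 5/5 in "ipfstat -s" output, while the added text maps 5 to close-wait; a sentence reconciling the two numberings would prevent an operator from flushing the wrong set of states. The opening sentence "For the TCP states that represent the closing of a connection has begun" also needs rewording.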
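Review bot: In the ipfstat.8 hunk (@@ -124,7 +124,11), the added sentence under \-v has a subject-verb mismatch: "counters associated with the rule, such as ... is displayed" should read "are displayed". The sentence would also read more clearly if the examples were set off, for instance "counters associated with the rule (the number of times it has been matched and the number of bytes from such packets) are displayed".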