From 9448c15a5d15cfcb5da1ffbe88d0423612569376 Mon Sep 17 00:00:00 2001
From: ugen <ugen@FreeBSD.org>
Date: Fri, 3 Mar 1995 12:59:47 +0000
Subject: Update manpage..BTW,if somebody wit good English would go through it
 and fix it would be a really good idea.

---
 sbin/ipfw/ipfw.8 | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

(limited to 'sbin')

diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index e0c14cb..8c777c1 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -36,6 +36,9 @@ These are <entry-actions>:
   dela[ccounting] - remove entry from accounting chain.
   clr[accounting] - clear counters for accounting chain entry.
 
+If no <entry-action> specified,default addf[irewall] or add[accounting]
+will be used,depending on <chain-entry pattern> specified.
+
 These are <chain-actions>:
   f[lush] - remove all entries in firewall/accounting chains.
   l[ist] - show all entries in firewall/accounting chains.
@@ -44,17 +47,20 @@ These are <chain-actions>:
 
 This is <chain-entry pattern> structure:
  For forwarding/blocking chains:
-  lr[eject] <proto/addr pattern>    reject packet,send ICMP unreachable and log.
-  r[eject]  <proto/addr pattern>    reject packet,send ICMP unreachable.
-  ld[eny]   <proto/addr pattern>    reject packet,log it.
-  d[eny]    <proto/addr pattern>    reject packet.
-  l[og]     <proto/addr pattern>    allow packet,log it.
-  a[ccept]  <proto/addr pattern>    allow packet.
+  lreject <proto/addr pattern>    reject packet,send ICMP unreachable and log.
+  reject  <proto/addr pattern>    reject packet,send ICMP unreachable.
+  ldeny   <proto/addr pattern>    reject packet,log it.
+  deny    <proto/addr pattern>    reject packet.
+  log     <proto/addr pattern>    allow packet,log it.
+  accept  <proto/addr pattern>    allow packet.
+  pass	    <proto/addr pattern>    allow packet.
  For accounting chain:
-  s[ingle]        <proto/addr pattern>   log packets matching entry.
-  b[idirectional] <proto/addr pattern>   log packets matching entry and 
+  single        <proto/addr pattern>   log packets matching entry.
+  bidirectional <proto/addr pattern>   log packets matching entry and 
                   those going in opposite direction (from entry
                   "dst" to "src").
+
+Each keyword will be recognized by the shortest unambigious prefix.
                                            
 The <proto/addr pattern> is:
  all|icmp     from <src addr/mask>        to <dst addr/mask>       [via <via>]
@@ -62,11 +68,17 @@ The <proto/addr pattern> is:
  all matches any IP packet.
  icmp,tcp and udp - packets for corresponding protocols.
  tcpsyn - tcp SYN packets (which used when initiating connection).
+
+
+The order of from/to/via keywords is unimportant.You can skip any
+of them,which will be then substituted by default entry matching
+any from/to/via packet kind.
     
 The <src addr/mask>:
  <INET IP addr | domain name> [/mask bits | :mask pattern]
   Mask bits is a decimal number of bits set in the address  mask.
   Mask pattern has form of IP address and AND'ed logically with address given.
+  Keyword "any" can be used to specify 'any IP'.
  [ports]: [ port,port....|port:port] 
   Name of service can be used instead of port numeric value.
   
@@ -74,6 +86,7 @@ The via <via> is optional and may specify IP address/domain name of local
  IP interface, or interface name (e.g. ed0) to match only packets coming 
  through this interface.The IP or name given is NOT checked, and wrong
  value of IP causes entry to not match anything.
+ Keyword 'via' can be substituted by 'on',for readability reasons.
    
 To l[ist] command may be passed:
  f[irewall] | a[ccounting] to list specific chain or none to list
-- 
cgit v1.1