Module Name: src
Committed By: maxv
Date: Fri Sep 21 07:22:26 UTC 2018
Modified Files:
src/usr.sbin/npf/npfctl: npf.conf.5
Log Message:
Wrap long lines, so that nothing overflows.
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 src/usr.sbin/npf/npfctl/npf.conf.5
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/npf/npfctl/npf.conf.5
diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.76 src/usr.sbin/npf/npfctl/npf.conf.5:1.77
--- src/usr.sbin/npf/npfctl/npf.conf.5:1.76 Wed Sep 19 15:36:12 2018
+++ src/usr.sbin/npf/npfctl/npf.conf.5 Fri Sep 21 07:22:26 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf.conf.5,v 1.76 2018/09/19 15:36:12 maxv Exp $
+.\" $NetBSD: npf.conf.5,v 1.77 2018/09/21 07:22:26 maxv Exp $
.\"
.\" Copyright (c) 2009-2017 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd September 19, 2018
+.Dd September 21, 2018
.Dt NPF.CONF 5
.Os
.Sh NAME
@@ -425,7 +425,8 @@ therefore it does not strictly represent
syntax = var-def | set-param | alg | table-def |
map | group | proc | comment
-# Variable definition. Names can be alpha-numeric, including "_" character.
+# Variable definition. Names can be alpha-numeric, including "_"
+# character.
var-name = "$" . string
interface = interface-name | var-name
@@ -439,7 +440,8 @@ set-param = "set" param-value
alg = "alg" alg-name
alg-name = "icmp"
-# Table definition. Table ID shall be numeric. Path is in the double quotes.
+# Table definition. Table ID shall be numeric. Path is in the
+# double quotes.
table-id = <table-name>
table-def = "table" table-id "type" ( "hash" | "tree" | "cdb" )
@@ -492,7 +494,8 @@ proto-opts = "flags" tcp-flags [ "/" tcp
"icmp-type" type [ "code" icmp-code ]
proto = "proto" protocol [ proto-opts ]
-filt-opts = "from" filt-addr [ port-opts ] "to" filt-addr [ port-opts ]
+filt-opts = "from" filt-addr [ port-opts ] "to" filt-addr
+ [ port-opts ]
filt-addr = [ "!" ] [ interface | addr-mask | table-id | "any" ]
port-opts = "port" ( port-num | port-from "-" port-to | var-name )
@@ -537,11 +540,16 @@ group "external" on $ext_if {
pass stateful out final all
block in final from <blacklist>
- pass stateful in final family inet4 proto tcp to $ext_if port ssh apply "log"
- pass stateful in final proto tcp to $ext_if port $services_tcp
- pass stateful in final proto udp to $ext_if port $services_udp
- pass stateful in final proto tcp to $ext_if port 49151-65535 # passive FTP
- pass stateful in final proto udp to $ext_if port 33434-33600 # traceroute
+ pass stateful in final family inet4 proto tcp to $ext_if \e
+ port ssh apply "log"
+ pass stateful in final proto tcp to $ext_if \e
+ port $services_tcp
+ pass stateful in final proto udp to $ext_if \e
+ port $services_udp
+ pass stateful in final proto tcp to $ext_if \e
+ port 49151-65535 # passive FTP
+ pass stateful in final proto udp to $ext_if \e
+ port 33434-33600 # traceroute
}
group "internal" on $int_if {
