Module Name:    src
Committed By:   christos
Date:           Sun Jan  8 22:14:55 UTC 2012

Modified Files:
        src/usr.sbin/npf/npfctl: npf.conf.5

Log Message:
update.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/usr.sbin/npf/npfctl/npf.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/npf/npfctl/npf.conf.5
diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.6 src/usr.sbin/npf/npfctl/npf.conf.5:1.7
--- src/usr.sbin/npf/npfctl/npf.conf.5:1.6	Mon Nov 28 20:12:09 2011
+++ src/usr.sbin/npf/npfctl/npf.conf.5	Sun Jan  8 17:14:55 2012
@@ -1,6 +1,6 @@
-.\"	$NetBSD: npf.conf.5,v 1.6 2011/11/29 01:12:09 riz Exp $
+.\"    $NetBSD: npf.conf.5,v 1.7 2012/01/08 22:14:55 christos Exp $
 .\"
-.\" Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This material is based upon work partially supported by The
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 22, 2011
+.Dd January 6, 2012
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -141,7 +141,7 @@ rdr		= "rdr" iface filt-opts "->" \*[Lt]
 
 rproc		= "procedure" \*[Lt]name\*[Gt] procs
 procs		= "{" op1 \*[Lt]newline\*[Gt], op2 \*[Lt]newline\*[Gt], ... "}"
-op		= ( "log" iface | "normalize" "(" norm-opt1 "," norm-opt2 ... ")" )
+op		= ( "log" iface | "normalise" "(" norm-opt1 "," norm-opt2 ... ")" )
 norm-opt	= [ "random-id" | "min-ttl" \*[Lt]num\*[Gt] | "max-mss" \*[Lt]num\*[Gt] | "no-df" ]
 
 group		= "group" "(" ( "default" | group-opts ) ")" ruleset
@@ -155,9 +155,9 @@ rule		= ( "block" block-opts | "pass" ) 
 		  [ "keep state" ] [ "apply" rproc }
 
 block-opts	= [ "return-rst" | "return-icmp" | "return" ]
-filt-opts	= [ "from" ( iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt] ) port-opts ]
-		  [ "to" ( iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt] ) port-opts ]
-port-opts	= [ "port" ( \*[Lt]port-num\*[Gt] | \*[Lt]port-from\*[Gt] ":" \*[Lt]port-to\*[Gt] | def ) ]
+filt-addr	= iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt]
+port-opts	= [ "port" ( \*[Lt]port-num\*[Gt] | \*[Lt]port-from\*[Gt] "-" \*[Lt]port-to\*[Gt] | def ) ]
+filt-opts	= [ "from" filt-addr [ port-opts ] ] [ "to" filt-addr [ port-opts ] ]
 proto-opts	= [ "flags" \*[Lt]tcp_flags\*[Gt] | "icmp-type" \*[Lt]type\*[Gt] "code" \*[Lt]code\*[Gt] ]
 .Ed
 .\" -----
@@ -171,23 +171,23 @@ default configuration file
 .\" -----
 .Sh EXAMPLES
 .Bd -literal
-ext_if = "wm0"
-int_if = "wm1"
+$ext_if = "wm0"
+$int_if = "wm1"
 
-services_tcp = "{ http, https, smtp, domain, 6000 }"
-services_udp = "{ domain, ntp, 6000 }"
+$services_tcp = { http, https, smtp, domain, 6000 }
+$services_udp = { domain, ntp, 6000 }
 
-table "1" type hash file "/etc/npf_blacklist"
-table "2" type tree dynamic
+table <1> type hash file "/etc/npf_blacklist"
+table <2> type tree dynamic
 
 nat $ext_if from 192.168.0.0/24 to any -> $ext_if
 
 procedure "log" {
-	log npflog0
+	log: npflog0
 }
 
 procedure "rid" {
-	normalize (random-id)
+	normalise: "random-id"
 }
 
 group (name "external", interface $ext_if) {
@@ -197,8 +197,8 @@ group (name "external", interface $ext_i
 	pass in quick inet proto tcp to $ext_if port ssh apply "log"
 	pass in quick proto tcp to $ext_if port $services_tcp
 	pass in quick proto udp to $ext_if port $services_udp
-	pass in quick proto tcp to $ext_if port 49151:65535	# Passive FTP
-	pass in quick proto udp to $ext_if port 33434:33600	# Traceroute
+	pass in quick proto tcp to $ext_if port 49151-65535	# Passive FTP
+	pass in quick proto udp to $ext_if port 33434-33600	# Traceroute
 }
 
 group (name "internal", interface $int_if) {
